| <html> |
| <head> |
| <script src="/js-test-resources/js-test-pre.js"></script> |
| <script src="resources/cross-frame-access.js"></script> |
| <script> |
| jsTestIsAsync = true; |
| |
| if (window.testRunner) |
| testRunner.dumpChildFramesAsText(); |
| |
| onload = function() |
| { |
| // Add manual run buttons if the browser does not support window.postMessage |
| if (!window.postMessage) { |
| log("YOUR BROWSER DOES NOT SUPPORT window.postMessage"); |
| log("To run this test manually, first click the button titled 'Step 1 - Set Test' in this frame."); |
| log("Then click the button in the sub frame titled 'Step 2 - Set Check' to finish the test.\n"); |
| |
| var button = document.createElement("button"); |
| button.appendChild(document.createTextNode("Step 1 - Set Test")); |
| button.onclick = doTest; |
| document.body.appendChild(button); |
| } |
| } |
| |
| receiver = function(e) |
| { |
| if (e.data == "propertiesSet") |
| doTest(); |
| } |
| addEventListener('message', receiver, false); |
| |
| |
| doTest = function() |
| { |
| targetFrame = frames[0]; |
| |
| // Attempt to inject functions into the target frame. These will be checked in the final step. |
| try { Object.prototype.__defineSetter__.call(targetFrame, 'injectedSetter', function() { alert("Set injected setter in: " + document.URL); return "customSetter"; }); } catch(e) { log(e); } |
| try { Object.prototype.__defineGetter__.call(targetFrame, 'injectedGetter', function() { return "customGetter"; }); } catch(e) { log(e); } |
| |
| log("\n----- test getting values cross-frame using Object.prototype -----\n"); |
| |
| // Attempt to detect values set on the target frame. |
| shouldThrowErrorName("Object.prototype.__lookupGetter__.call(targetFrame, 'myGetter');", "SecurityError"); |
| shouldThrowErrorName("Object.prototype.__lookupSetter__.call(targetFrame, 'mySetter');", "SecurityError"); |
| |
| shouldThrowErrorName("Object.prototype.propertyIsEnumerable.call(targetFrame, 'myProp');", "SecurityError"); |
| shouldThrowErrorName("Object.prototype.hasOwnProperty.call(targetFrame, 'myProp');", "SecurityError"); |
| |
| if (window.postMessage) |
| targetFrame.postMessage("settingValuesComplete", "*"); |
| else |
| log("\nSet Test complete! Click button entitled 'Step 2 - Set Check' to finish the test."); |
| } |
| </script> |
| </head> |
| <body> |
| <iframe name="target" src="http://localhost:8000/security/resources/cross-frame-iframe-for-object-prototype-test.html"></iframe> |
| <pre id="console"></pre> |
| <script src="/js-test-resources/js-test-post.js"></script> |
| </body> |
| </html> |