| <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" |
| "http://www.w3.org/TR/html4/loose.dtd"> |
| <html> |
| <head> |
| <script> |
| function log(message) |
| { |
| var console = document.getElementById('console'); |
| console.appendChild(document.createTextNode(message)); |
| console.appendChild(document.createElement('br')); |
| } |
| |
| function testXHRDenied() |
| { |
| log("Checking that same-origin iframes work."); |
| var f = document.getElementById("f"); |
| f.contentDocument.body.innerHTML = "Successful write into iframe"; |
| log("Doing an XHR to an existing file."); |
| xhr = new XMLHttpRequest(); |
| |
| try { |
| xhr.open("GET", "../xmlhttprequest-no-file-access-expected.txt", false); |
| xhr.send(""); |
| log("Bad: XHR didn't throw exception"); |
| } catch(e) { |
| log("Exception: " + e.message); |
| try { |
| var results = window.top.document.getElementById('results'); |
| log("Bad: DOM access didn't throw exception"); |
| } catch (e) { |
| log("Exception: " + e.message); |
| if (window.testRunner) { |
| setTimeout("testRunner.notifyDone()", 0); |
| } |
| } |
| } |
| } |
| </script> |
| </head> |
| <body onload="testXHRDenied()"> |
| <iframe id="f"></iframe> |
| <p> We're checking we can't read an arbitrary file when we set each file:// URI to have a unique domain. </p> |
| <div id="console"/> |
| </body> |
| </html> |
