Google Git
Sign in
webkit / WebKit / 7bcda283db1bdca0a1cb57234e97fdd48029e4ec / . / LayoutTests / http / tests / security / javascriptURL / xss-ALLOWED-to-javascript-url-from-javscript-url.html
blob: 17f9af70dbd1644a130ffaeaaa3beb10fa6866dc [file] [log] [blame]
<html>
<body>
<p>This tests that a javascript: URL loaded in an iframe inside another javascript: URL loaded iframe has access to it's parent, the
first javascript: URL loaded iframe.</p>
<iframe id="aFrame" name="aFrame" style="width: 500px; height: 300px;"></iframe>
<script>
if (window.testRunner) {
testRunner.dumpAsText();
testRunner.dumpChildFramesAsText();
}
var innerURL = 'javascript:\\\"<html>'
+ "<head>"
+ "<scr" + "ipt>"
+ 'parent.document.getElementById(\\\\\\\"accessMe\\\\\\\").innerHTML = \\\\\\\"PASS: Cross frame access from a javascript: URL was allowed!\\\\\\\";'
+ "</scri" + "pt>"
+ "</head>"
+ "<body>"
+ "<p>Inner-inner iframe.</p>"
+ "</body>"
+ '</html>\\\"';
var url = "javascript:\"<html>"
+ "<body>"
+ "<p id='accessMe'>FAIL: Cross frame access from a javascript: URL was denied.</p>"
+ "<iframe src='" + innerURL + "'></iframe>"
+ "<p>Inner iframe.</p>"
+ "</body>"
+ "</html>\"";
var iframe = document.getElementById("aFrame");
iframe.src = url;
</script>
</body>
</html>