| CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/dataURL/resources/foreign-domain-data-url-accessor-iframe.html from frame with URL http://127.0.0.1:8000/security/dataURL/xss-DENIED-from-data-url-in-foreign-domain-subframe.html. Domains, protocols and ports must match. |
| |
| CONSOLE MESSAGE: line 1: TypeError: Undefined value |
| The scenario for this test is that you have an iframe with content from a foreign domain. In that foreign content is an iframe which loads a data: URL. This tests that the data: URL loaded iframe does not have access to the main frame using top.document. |
| |
| |
| Pass: Cross frame access from a data: URL on a different domain was denied. |
| |
| |
| |
| -------- |
| Frame: 'aFrame' |
| -------- |
| Inner iframe on a foreign domain. |
| |
| |
| |
| -------- |
| Frame: 'aFrame' |
| -------- |
| Inner-inner iframe. This iframe (which is data: URL and whose parent is on a foreign domain) is the frame attempting to access the main frame. It should not have access to it. |
| |
| |
| |
| -------- |
| Frame: '<!--framePath //aFrame/aFrame/<!--frame0-->-->' |
| -------- |
| |