LayoutTests/http/tests/security/dataURL/xss-DENIED-to-data-url-in-foreign-domain-subframe.html-disabled - WebKit - Git at Google

 <html>
 <head>
     <script src="../resources/cross-frame-access.js"></script>
 </head>
 <body>
     <p>The scenario for this test is that you have an iframe with content from a foreign domain.  In that foreign content
         is an iframe which loads a data: URL.  This tests that this main document does not have access to that
         data: URL loaded iframe.</p>
     <iframe src="http://localhost:8000/security/dataURL/resources/foreign-domain-data-url-accessee-iframe.html" style="width: 400px; height:200px;"></iframe>
     <pre id="console"></pre>
     <script>
         if (window.layoutTestController) {
             layoutTestController.dumpAsText();
             layoutTestController.dumpChildFramesAsText();
             layoutTestController.waitUntilDone();
         }

         var testDone = false;

         setTimeout(test, 1);

         setTimeout(function() {
             if (!testDone) {
                 log("FAIL: Test timed out");
                 if (window.layoutTestController)
                     layoutTestController.notifyDone();
             }
         }, 2000);

         function test() {
             var innerFrame = window.frames[0];
             if (!innerFrame) {
                 setTimeout(test, 1);
                 return;
             }

             var innerInnerFrame = innerFrame.frames[0];
             if (!innerInnerFrame) {
                 setTimeout(test, 1);
                 return;
             }

             // When the flag frame is not undefined, we know that the inner-inner frame has loaded.
             var flagFrame = innerInnerFrame.frames[0];
             if (!flagFrame) {
                 setTimeout(test, 1);
                 return;
             }

             try {
                 if (innerInnerFrame.document) {
                     innerInnerFrame.document.getElementById('accessMe').innerHTML = "FAIL: Cross frame access to a data: URL embed in a frame on a foreign domain allowed.";
                     log("FAIL: Cross frame access to a data: URL embed in a frame on a foreign domain allowed.");
                     testDone = true;
                     if (window.layoutTestController)
                         layoutTestController.notifyDone();
                     return;
                 }
             } catch (e) {
             }

             log("PASS: Cross frame access to a data: URL embed in a frame on a foreign domain denied!");
             testDone = true;
             if (window.layoutTestController)
                 layoutTestController.notifyDone();
         }
     </script>
 </body>
 </html>
	<html>
	<head>
	<script src="../resources/cross-frame-access.js"></script>
	</head>
	<body>
	<p>The scenario for this test is that you have an iframe with content from a foreign domain. In that foreign content
	is an iframe which loads a data: URL. This tests that this main document does not have access to that
	data: URL loaded iframe.</p>
	<iframe src="http://localhost:8000/security/dataURL/resources/foreign-domain-data-url-accessee-iframe.html" style="width: 400px; height:200px;"></iframe>
	<pre id="console"></pre>
	<script>
	if (window.layoutTestController) {
	layoutTestController.dumpAsText();
	layoutTestController.dumpChildFramesAsText();
	layoutTestController.waitUntilDone();
	}

	var testDone = false;

	setTimeout(test, 1);

	setTimeout(function() {
	if (!testDone) {
	log("FAIL: Test timed out");
	if (window.layoutTestController)
	layoutTestController.notifyDone();
	}
	}, 2000);

	function test() {
	var innerFrame = window.frames[0];
	if (!innerFrame) {
	setTimeout(test, 1);
	return;
	}

	var innerInnerFrame = innerFrame.frames[0];
	if (!innerInnerFrame) {
	setTimeout(test, 1);
	return;
	}

	// When the flag frame is not undefined, we know that the inner-inner frame has loaded.
	var flagFrame = innerInnerFrame.frames[0];
	if (!flagFrame) {
	setTimeout(test, 1);
	return;
	}

	try {
	if (innerInnerFrame.document) {
	innerInnerFrame.document.getElementById('accessMe').innerHTML = "FAIL: Cross frame access to a data: URL embed in a frame on a foreign domain allowed.";
	log("FAIL: Cross frame access to a data: URL embed in a frame on a foreign domain allowed.");
	testDone = true;
	if (window.layoutTestController)
	layoutTestController.notifyDone();
	return;
	}
	} catch (e) {
	}

	log("PASS: Cross frame access to a data: URL embed in a frame on a foreign domain denied!");
	testDone = true;
	if (window.layoutTestController)
	layoutTestController.notifyDone();
	}
	</script>
	</body>
	</html>