| <html> |
| <head> |
| <script src="../resources/cross-frame-access.js"></script> |
| </head> |
| <body> |
| <p>The scenario for this test is that you have an iframe with content from a foreign domain. In that foreign content |
| is an iframe which loads a javascript: URL. This tests that this main document does not have access to that |
| javascript: URL loaded iframe.</p> |
| <iframe src="http://localhost:8000/security/javascriptURL/resources/foreign-domain-javascipt-url-accessee-iframe.html" style="width: 400px; height:200px;"></iframe> |
| <pre id="console"></pre> |
| <script> |
| if (window.layoutTestController) { |
| layoutTestController.dumpAsText(); |
| layoutTestController.dumpChildFramesAsText(); |
| layoutTestController.waitUntilDone(); |
| } |
| |
| var innerFrame = window.frames[0]; |
| |
| var testDone = false; |
| |
| setTimeout(test, 1); |
| |
| setTimeout(function() { |
| if (!testDone) { |
| log("FAIL: Test timed out"); |
| if (window.layoutTestController) |
| layoutTestController.notifyDone(); |
| } |
| }, 2000); |
| |
| function test() { |
| var innerInnerFrame = innerFrame.frames[0]; |
| |
| if (!innerInnerFrame) { |
| setTimeout(test, 1); |
| return; |
| } |
| |
| // When the flag frame is not undefined, we know that the inner-inner frame has loaded. |
| var flagFrame = innerInnerFrame.frames['flag']; |
| if (!flagFrame) { |
| setTimeout(test, 1); |
| return; |
| } |
| |
| try { |
| if (innerInnerFrame.document.getElementById('accessMe')) { |
| innerInnerFrame.document.getElementById('accessMe').innerHTML = "FAIL: Cross frame access to a javascript: URL embed in a frame on a foreign domain allowed."; |
| log("FAIL: Cross frame access to a javascript: URL embed in a frame on a foreign domain allowed."); |
| testDone = true; |
| if (window.layoutTestController) |
| layoutTestController.notifyDone(); |
| return; |
| } |
| } catch (e) { |
| } |
| |
| log("PASS: Cross frame access to a javascript: URL embed in a frame on a foreign domain denied!"); |
| testDone = true; |
| if (window.layoutTestController) |
| layoutTestController.notifyDone(); |
| } |
| </script> |
| </body> |
| </html> |