LayoutTests/http/tests/security/dataURL/xss-DENIED-from-data-url-to-data-url.html - WebKit - Git at Google

 <html>
 <head>
     <script src="../resources/cross-frame-access.js"></script>
     <script>
         if (window.testRunner) {
             testRunner.dumpAsText();
             testRunner.dumpChildFramesAsText();
             testRunner.waitUntilDone();
         }

         function loaded() {
             // This has to be broken into parts so that when it is included below the <script> tags
             // are not interpreted as closing the current script context.
             var innerURLFirstPart = "data:text/html,<html>"
                 + "<head>"
                 +     "<scr";

             var innerURLSecondPart = "ipt>"
                 +         "function fireSentinel() {"
                 +             "if (window.testRunner)"
                 +                 "testRunner.globalFlag = true;"
                 +         "}"
                 +     "</scr";

             var innerURLThirdPart = "ipt>"
                 + "</head>"
                 + "<body onload=\"fireSentinel();\">"
                 +     "<p id=\"accessMe\">PASS: Cross frame access from a data: URL was denied.</p>"
                 +     "<p>Inner-inner iframe.</p>"
                 + "</body>"
                 + "</html>";

             var url = "data:text/html,<html>"
                 + "<head>"
                 +     "<scr" + "ipt>"
                 +         "function loaded() {"
                 +             "var iframe = document.getElementById('inner');"
                 +             "iframe.src = '" + innerURLFirstPart + "' + '" + innerURLSecondPart + "' + '" + innerURLThirdPart + "';"
                 +             "if (window.testRunner) {"
                 +                 "setTimeout(waitForFlag, 1);"
                 +                 "function waitForFlag() {"
                 +                     "if (!testRunner.globalFlag) {"
                 +                         "setTimeout(waitForFlag, 1);"
                 +                         "return;"
                 +                     "}"
                 +                     "performTest();"
                 +                 "}"
                 +             "} else {"
                 +                 "document.getElementById('console').innerHTML = 'Click the button when all the subframes have finished loading.';"
                 +             "}"
                 +         "}"
                 +         "function performTest() {"
                 +             "try {"
                 +                 "frames[0].document.getElementById('accessMe').innerHTML = 'FAIL: Cross frame access from a data: URL was allowed.';"
                 +             "} catch (e) {"
                 +                 "console.log(e);"
                 +             "}"
                 +             "if (window.testRunner)"
                 +                 "testRunner.notifyDone();"
                 +         "}"
                 +     "</scr" + "ipt>"
                 + "</head>"
                 + "<body onload='loaded();'>"
                 +     "<iframe id='inner' name='inner'></iframe>"
                 +     "<p>Inner iframe.</p>"
                 +     "<button onclick='performTest();'>Test</button>"
                 +     "<pre id='console'></pre>"
                 + "</body>"
                 + "</html>";

             var iframe = document.getElementById("aFrame");
             iframe.src = url;
         }
     </script>
 </head>
 <body onload="loaded();">
     <p>This tests that a data: URL subframe can't access a child data: URL subframe of itself.</p>
     <iframe name="aFrame" id="aFrame" style="width: 500px; height: 300px;"></iframe>
 </body>
 </html>
	<html>
	<head>
	<script src="../resources/cross-frame-access.js"></script>
	<script>
	if (window.testRunner) {
	testRunner.dumpAsText();
	testRunner.dumpChildFramesAsText();
	testRunner.waitUntilDone();
	}

	function loaded() {
	// This has to be broken into parts so that when it is included below the <script> tags
	// are not interpreted as closing the current script context.
	var innerURLFirstPart = "data:text/html,<html>"
	+ "<head>"
	+ "<scr";

	var innerURLSecondPart = "ipt>"
	+ "function fireSentinel() {"
	+ "if (window.testRunner)"
	+ "testRunner.globalFlag = true;"
	+ "}"
	+ "</scr";

	var innerURLThirdPart = "ipt>"
	+ "</head>"
	+ "<body onload=\"fireSentinel();\">"
	+ "<p id=\"accessMe\">PASS: Cross frame access from a data: URL was denied.</p>"
	+ "<p>Inner-inner iframe.</p>"
	+ "</body>"
	+ "</html>";

	var url = "data:text/html,<html>"
	+ "<head>"
	+ "<scr" + "ipt>"
	+ "function loaded() {"
	+ "var iframe = document.getElementById('inner');"
	+ "iframe.src = '" + innerURLFirstPart + "' + '" + innerURLSecondPart + "' + '" + innerURLThirdPart + "';"
	+ "if (window.testRunner) {"
	+ "setTimeout(waitForFlag, 1);"
	+ "function waitForFlag() {"
	+ "if (!testRunner.globalFlag) {"
	+ "setTimeout(waitForFlag, 1);"
	+ "return;"
	+ "}"
	+ "performTest();"
	+ "}"
	+ "} else {"
	+ "document.getElementById('console').innerHTML = 'Click the button when all the subframes have finished loading.';"
	+ "}"
	+ "}"
	+ "function performTest() {"
	+ "try {"
	+ "frames[0].document.getElementById('accessMe').innerHTML = 'FAIL: Cross frame access from a data: URL was allowed.';"
	+ "} catch (e) {"
	+ "console.log(e);"
	+ "}"
	+ "if (window.testRunner)"
	+ "testRunner.notifyDone();"
	+ "}"
	+ "</scr" + "ipt>"
	+ "</head>"
	+ "<body onload='loaded();'>"
	+ "<iframe id='inner' name='inner'></iframe>"
	+ "<p>Inner iframe.</p>"
	+ "<button onclick='performTest();'>Test</button>"
	+ "<pre id='console'></pre>"
	+ "</body>"
	+ "</html>";

	var iframe = document.getElementById("aFrame");
	iframe.src = url;
	}
	</script>
	</head>
	<body onload="loaded();">
	<p>This tests that a data: URL subframe can't access a child data: URL subframe of itself.</p>
	<iframe name="aFrame" id="aFrame" style="width: 500px; height: 300px;"></iframe>
	</body>
	</html>