blob: c25b34cdf4c046f9f8b9dc1988a3e2f43847e935 [file] [log] [blame]
<script>
if (window.testRunner) {
testRunner.dumpAsText();
testRunner.waitUntilDone();
}
function finish()
{
if (location.reload != "hax0red")
document.getElementById("console").innerHTML = "PASS: cross-site assignment of location.replace not allowed";
else
document.getElementById("console").innerHTML = "FAIL: cross-site assignment of location.replace was allowed!";
if (window.testRunner)
testRunner.notifyDone();
}
</script>
<body onload="finish()">
<iframe src="http://localhost:8000/security/resources/xss-DENIED-assign-location-reload-attacker.html"></iframe>
<div id="console"></div>
</body>
</html>