LayoutTests/http/tests/inspector/dom/cross-domain-inspected-node-access.html - WebKit - Git at Google

 <!doctype html>
 <html>
 <head>
 <script type="text/javascript" src="../resources/inspector-test.js"></script>
 <script>
 function test()
 {
     let suite = InspectorTest.createAsyncSuite("CommandLineAPI.$0.cross-frame");

     let mainFrame = WI.networkManager.mainFrame;
     let childFrames = Array.from(mainFrame.childFrameCollection);
     InspectorTest.expectEqual(childFrames.length, 1, "Page should have a subframe.");

     let nodeInMainFrameId;
     let nodeInSubFrameId;

     suite.addTestCase({
         name: "AttemptCrossFrame$0AccessFromMainFrame",
         description: "Should not be able to access $0 node in different domain subframe from the main frame.",
         test(resolve, reject) {
             InspectorTest.log("Setting $0 to node within subframe.");
             DOMAgent.setInspectedNode(nodeInSubFrameId);
             RuntimeAgent.evaluate.invoke({expression: "$0", includeCommandLineAPI: true}, (error, remoteObjectPayload, wasThrown) => {
                 InspectorTest.assert(!error, "Should not be a protocol error.");
                 InspectorTest.assert(!wasThrown, "Should not be an exception.");
                 let remoteObject = WI.RemoteObject.fromPayload(remoteObjectPayload);
                 InspectorTest.expectThat(remoteObject.value === null, "MainFrame access to $0 node in subframe should be null.");
                 resolve();
             });
         }
     });

     suite.addTestCase({
         name: "AttemptSameFrame$0AccessFromMainFrame",
         description: "Should be able to access $0 node in the same frame.",
         test(resolve, reject) {
             InspectorTest.log("Setting $0 to node within the main frame.");
             DOMAgent.setInspectedNode(nodeInMainFrameId);
             RuntimeAgent.evaluate.invoke({expression: "$0", includeCommandLineAPI: true}, (error, remoteObjectPayload, wasThrown) => {
                 InspectorTest.assert(!error, "Should not be a protocol error.");
                 InspectorTest.assert(!wasThrown, "Should not be an exception.");
                 let remoteObject = WI.RemoteObject.fromPayload(remoteObjectPayload);
                 InspectorTest.expectThat(remoteObject.isNode(), "MainFrame access to $0 node in main frame should be a node.");
                 resolve();
             });
         }
     });

     suite.addTestCase({
         name: "AttemptCrossFrame$0AccessFromSubFrame",
         description: "Should not be able to access $0 node in different domain main frame from the subframe.",
         test(resolve, reject) {
             InspectorTest.log("Setting $0 to node within the main frame.");
             DOMAgent.setInspectedNode(nodeInMainFrameId);
             RuntimeAgent.evaluate.invoke({expression: "$0", includeCommandLineAPI: true, contextId: childFrames[0].pageExecutionContext.id}, (error, remoteObjectPayload, wasThrown) => {
                 InspectorTest.assert(!error, "Should not be a protocol error.");
                 InspectorTest.assert(!wasThrown, "Should not be an exception.");
                 let remoteObject = WI.RemoteObject.fromPayload(remoteObjectPayload);
                 InspectorTest.expectThat(remoteObject.value === null, "SubFrame access to $0 node in main frame should be null.");
                 resolve();
             });
         }
     });

     suite.addTestCase({
         name: "AttemptSameFrame$0AccessFromSubFrame",
         description: "Should be able to access $0 node in the same frame.",
         test(resolve, reject) {
             InspectorTest.log("Setting $0 to node within the subframe.");
             DOMAgent.setInspectedNode(nodeInSubFrameId);
             RuntimeAgent.evaluate.invoke({expression: "$0", includeCommandLineAPI: true, contextId: childFrames[0].pageExecutionContext.id}, (error, remoteObjectPayload, wasThrown) => {
                 InspectorTest.assert(!error, "Should not be a protocol error.");
                 InspectorTest.assert(!wasThrown, "Should not be an exception.");
                 let remoteObject = WI.RemoteObject.fromPayload(remoteObjectPayload);
                 InspectorTest.expectThat(remoteObject.isNode(), "SubFrame access to $0 node in sub frame should be a node.");
                 resolve();
             });
         }
     });

     WI.domManager.requestDocument((documentNode) => {
         WI.domManager.querySelector(documentNode.id, "iframe#myframe", (nodeId) => {
             let iframeNode = WI.domManager.nodeForId(nodeId);
             let iframeDocumentNodeId = iframeNode.children[0].id;
             WI.domManager.querySelector(iframeDocumentNodeId, "div#rootDiv", (nodeId) => {
                 nodeInMainFrameId = iframeNode.id;
                 nodeInSubFrameId = nodeId;
                 suite.runTestCasesAndFinish();
             });
         });
     });
 }
 </script>
 </head>
 <body>
 <p>Test that code evaluated in the main frame cannot access $0 that resolves to a node in a frame from a different domain. <a href="https://bugs.webkit.org/show_bug.cgi?id=105423">Bug 105423.</a></p>
 <iframe id="myframe" src="http://localhost:8000/inspector/page/resources/test-page.html" onload="runTest()"></iframe>
 </body>
 </html>
	<!doctype html>
	<html>
	<head>
	<script type="text/javascript" src="../resources/inspector-test.js"></script>
	<script>
	function test()
	{
	let suite = InspectorTest.createAsyncSuite("CommandLineAPI.$0.cross-frame");

	let mainFrame = WI.networkManager.mainFrame;
	let childFrames = Array.from(mainFrame.childFrameCollection);
	InspectorTest.expectEqual(childFrames.length, 1, "Page should have a subframe.");

	let nodeInMainFrameId;
	let nodeInSubFrameId;

	suite.addTestCase({
	name: "AttemptCrossFrame$0AccessFromMainFrame",
	description: "Should not be able to access $0 node in different domain subframe from the main frame.",
	test(resolve, reject) {
	InspectorTest.log("Setting $0 to node within subframe.");
	DOMAgent.setInspectedNode(nodeInSubFrameId);
	RuntimeAgent.evaluate.invoke({expression: "$0", includeCommandLineAPI: true}, (error, remoteObjectPayload, wasThrown) => {
	InspectorTest.assert(!error, "Should not be a protocol error.");
	InspectorTest.assert(!wasThrown, "Should not be an exception.");
	let remoteObject = WI.RemoteObject.fromPayload(remoteObjectPayload);
	InspectorTest.expectThat(remoteObject.value === null, "MainFrame access to $0 node in subframe should be null.");
	resolve();
	});
	}
	});

	suite.addTestCase({
	name: "AttemptSameFrame$0AccessFromMainFrame",
	description: "Should be able to access $0 node in the same frame.",
	test(resolve, reject) {
	InspectorTest.log("Setting $0 to node within the main frame.");
	DOMAgent.setInspectedNode(nodeInMainFrameId);
	RuntimeAgent.evaluate.invoke({expression: "$0", includeCommandLineAPI: true}, (error, remoteObjectPayload, wasThrown) => {
	InspectorTest.assert(!error, "Should not be a protocol error.");
	InspectorTest.assert(!wasThrown, "Should not be an exception.");
	let remoteObject = WI.RemoteObject.fromPayload(remoteObjectPayload);
	InspectorTest.expectThat(remoteObject.isNode(), "MainFrame access to $0 node in main frame should be a node.");
	resolve();
	});
	}
	});

	suite.addTestCase({
	name: "AttemptCrossFrame$0AccessFromSubFrame",
	description: "Should not be able to access $0 node in different domain main frame from the subframe.",
	test(resolve, reject) {
	InspectorTest.log("Setting $0 to node within the main frame.");
	DOMAgent.setInspectedNode(nodeInMainFrameId);
	RuntimeAgent.evaluate.invoke({expression: "$0", includeCommandLineAPI: true, contextId: childFrames[0].pageExecutionContext.id}, (error, remoteObjectPayload, wasThrown) => {
	InspectorTest.assert(!error, "Should not be a protocol error.");
	InspectorTest.assert(!wasThrown, "Should not be an exception.");
	let remoteObject = WI.RemoteObject.fromPayload(remoteObjectPayload);
	InspectorTest.expectThat(remoteObject.value === null, "SubFrame access to $0 node in main frame should be null.");
	resolve();
	});
	}
	});

	suite.addTestCase({
	name: "AttemptSameFrame$0AccessFromSubFrame",
	description: "Should be able to access $0 node in the same frame.",
	test(resolve, reject) {
	InspectorTest.log("Setting $0 to node within the subframe.");
	DOMAgent.setInspectedNode(nodeInSubFrameId);
	RuntimeAgent.evaluate.invoke({expression: "$0", includeCommandLineAPI: true, contextId: childFrames[0].pageExecutionContext.id}, (error, remoteObjectPayload, wasThrown) => {
	InspectorTest.assert(!error, "Should not be a protocol error.");
	InspectorTest.assert(!wasThrown, "Should not be an exception.");
	let remoteObject = WI.RemoteObject.fromPayload(remoteObjectPayload);
	InspectorTest.expectThat(remoteObject.isNode(), "SubFrame access to $0 node in sub frame should be a node.");
	resolve();
	});
	}
	});

	WI.domManager.requestDocument((documentNode) => {
	WI.domManager.querySelector(documentNode.id, "iframe#myframe", (nodeId) => {
	let iframeNode = WI.domManager.nodeForId(nodeId);
	let iframeDocumentNodeId = iframeNode.children[0].id;
	WI.domManager.querySelector(iframeDocumentNodeId, "div#rootDiv", (nodeId) => {
	nodeInMainFrameId = iframeNode.id;
	nodeInSubFrameId = nodeId;
	suite.runTestCasesAndFinish();
	});
	});
	});
	}
	</script>
	</head>
	<body>
	<p>Test that code evaluated in the main frame cannot access $0 that resolves to a node in a frame from a different domain. <a href="https://bugs.webkit.org/show_bug.cgi?id=105423">Bug 105423.</a></p>
	<iframe id="myframe" src="http://localhost:8000/inspector/page/resources/test-page.html" onload="runTest()"></iframe>
	</body>
	</html>