blob: dea017d678a15fdd13c77a92ae515c708e7bd3ac [file] [log] [blame]
<script src="resources/cross-frame-access.js"></script>
var windowConstructorPropertiesNotAllowed = [
var windowFunctionPropertiesNotAllowed = [
var windowAttributesPropertiesNotAllowed = [
window.onload = function()
if (window.testRunner) {
if (window.testRunner) {
setTimeout(pollForTest, 1);
} else {
log("To run the test, click the button below when the opened window finishes loading.");
var button = document.createElement("button");
button.appendChild(document.createTextNode("Run Test"));
button.onclick = runTest;
pollForTest = function()
if (!testRunner.globalFlag) {
setTimeout(pollForTest, 1);
runTest = function()
window.targetWindow = frames[0];
log("\n----- tests for getting of not allowed properties -----\n");
log("\n----- tests for getting of not allowed Constructors -----\n");
for (var i = 0; i < windowConstructorPropertiesNotAllowed.length; i++) {
var property = windowConstructorPropertiesNotAllowed[i];
shouldBeFalse("canGetDescriptor(targetWindow, '" + property + "')");
log("\n----- tests for getting of not allowed Functions -----\n");
for (var i = 0; i < windowFunctionPropertiesNotAllowed.length; i++) {
var property = windowFunctionPropertiesNotAllowed[i];
shouldBeFalse("canGetDescriptor(targetWindow, '" + property + "')");
log("\n----- tests for getting of not allowed Attributes -----\n");
for (var i = 0; i < windowAttributesPropertiesNotAllowed.length; i++) {
var property = windowAttributesPropertiesNotAllowed[i];
if (property == "document")
log("Firefox allows access to 'document' but throws an exception when you access its properties.");
shouldBeFalse("canGetDescriptor(targetWindow, '" + property + "')");
log("----- tests access to cross domain location object -----");
window.targetLocation = targetWindow.location;
var locationPropertiesNotAllowed = [
"protocol", "host", "hostname", "port", "pathname", "search", "hash", "toString", "valueOf", "customProperty"
var locationPropertiesAllowed = [
"assign", "replace", "reload"
for (var i = 0; i < locationPropertiesNotAllowed.length; i++)
shouldBeFalse("canGetDescriptor(targetLocation, '" + locationPropertiesNotAllowed[i] + "')");
for (var i = 0; i < locationPropertiesAllowed.length; i++)
shouldBeTrue("canGetDescriptor(targetLocation, '" + locationPropertiesAllowed[i] + "')");
log("----- tests access to cross domain history object -----");
window.targetHistory = targetWindow.history;
var historyPropertiesNotAllowed = [
"length", "pushState", "replaceState", "customProperty"
var historyPropertiesAllowed = [
"back", "forward", "go"
for (var i = 0; i < historyPropertiesNotAllowed.length; i++)
shouldBeFalse("canGetDescriptor(targetHistory, '" + historyPropertiesNotAllowed[i] + "')");
for (var i = 0; i < historyPropertiesAllowed.length; i++)
shouldBeTrue("canGetDescriptor(targetHistory, '" + historyPropertiesAllowed[i] + "')");
<p>This test checks cross-frame access security of getOwnPropertyDescriptor (</p>
<iframe src="http://localhost:8000/security/resources/cross-frame-iframe-for-get-test.html" style=""></iframe>
<pre id="console"></pre>