Google Git
Sign in
webkit / WebKit / d3072e52a6540fa386303b60cdfe52c38def55fd / . / LayoutTests / http / tests / security / cross-frame-access-enumeration.html
blob: 63dbceb184afefb7bfd92852ffb8997ac011cca1 [file] [log] [blame]
<html>
<head>
<script src='/resources/js-test-pre.js'></script>
<script src="resources/cross-frame-access.js"></script>
<script>
description("Tests enumeration of Window / Location properties cross origin.");
jsTestIsAsync = true;
window.onload = function()
{
if (window.testRunner) {
setTimeout(pollForTest, 1);
} else {
log("To run the test, click the button below when the frame finishes loading.");
var button = document.createElement("button");
button.appendChild(document.createTextNode("Run Test"));
button.onclick = runTest;
document.body.appendChild(button);
}
}
pollForTest = function()
{
if (!testRunner.globalFlag) {
setTimeout(pollForTest, 1);
return;
}
runTest();
finishJSTest();
}
runTest = function()
{
// Test enumerating the Window object
b_win = document.getElementsByTagName("iframe")[0].contentWindow;
try {
for (var k in b_win) {
if (k == "customWindowProperty") {
log("FAIL: Cross frame access by enumerating the window object was allowed.");
return;
}
}
} catch (e) {
}
log("PASS: Cross frame access by enumerating the window object was denied.");
var b_winKeys = Object.keys(b_win);
if (b_winKeys.indexOf("customWindowProperty") != -1) {
log("FAIL: Cross frame access by getting the keys of the window object was allowed.");
return;
}
log("PASS: Cross frame access by getting the keys of the window object was denied.");
var b_winPropertyNames = Object.getOwnPropertyNames(b_win);
if (b_winPropertyNames.indexOf("customWindowProperty") != -1) {
log("FAIL: Cross frame access by getting the property names of the window object was allowed.");
return;
}
log("PASS: Cross frame access by getting the property names of the window object was denied.");
// Test enumerating the Location object
var b_win_location = b_win.location;
try {
for (var k in b_win_location) {
if (k == "customLocationProperty") {
log("FAIL: Cross frame access by enumerating the Location object was allowed.");
return;
}
}
} catch (e) {
}
log("PASS: Cross frame access by enumerating the Location object was denied.");
var b_winLocationKeys = Object.keys(b_win_location);
if (b_winLocationKeys.indexOf("customLocationProperty") != -1) {
log("FAIL: Cross frame access by getting the keys of the Location object was allowed.");
return;
}
log("PASS: Cross frame access by getting the keys of the Location object was denied.");
var b_winLocationPropertyNames = Object.getOwnPropertyNames(b_win_location);
if (b_winLocationPropertyNames.indexOf("customLocationProperty") != -1) {
log("FAIL: Cross frame access by getting the property names of the Location object was allowed.");
return;
}
log("PASS: Cross frame access by getting the property names of the Location object was denied.");
whitelistedWindowProperties = ['0', '1', '2', 'blur', 'close', 'closed', 'focus', 'frames', 'length', 'location', 'opener', 'parent', 'postMessage', 'self', 'top', 'window', 'frameA', 'frameC'];
whitelistedLocationProperties = ['href', 'replace'];
whitelistedSymbols = [Symbol.toStringTag, Symbol.hasInstance, Symbol.isConcatSpreadable];
shouldBeTrue("areArraysEqual(Object.getOwnPropertyNames(b_win), whitelistedWindowProperties)");
shouldBeTrue("areArraysEqual(Reflect.ownKeys(b_win), whitelistedWindowProperties.concat(whitelistedSymbols))");
shouldBeTrue("areArraysEqual(Object.getOwnPropertyNames(b_win.location), whitelistedLocationProperties)");
shouldBeTrue("areArraysEqual(Reflect.ownKeys(b_win.location), whitelistedLocationProperties.concat(whitelistedSymbols))");
}
</script>
</head>
<body>
<iframe src="http://localhost:8000/security/resources/cross-frame-iframe-for-enumeration-test.html"></iframe>
<script src='/resources/js-test-post.js'></script>
</body>
</html>