LayoutTests/http/tests/security/cannot-read-cssrules.html - WebKit - Git at Google

 <!DOCTYPE html>
 <html>
 <head>
 <link rel="stylesheet"
       href="http://localhost:8000/security/resources/cssStyle.css">
 <link rel="stylesheet" href="resources/cssStyle.css">
 <link rel="stylesheet"
       href="http://localhost:8000/security/resources/cssStyle.css" crossorigin="">
 <link rel="stylesheet"
       href="http://localhost:8000/security/resources/xorigincss1-allow-star.php" crossorigin="">
 <script>
 if (window.testRunner)
     testRunner.dumpAsText();

 function log(msg) {
     var div = document.createElement("div");
     div.textContent = msg;
     document.getElementById("console").appendChild(div);
 }

 function checkCSSRules(sheet)
 {
     try {
         var cssRules = sheet.cssRules;
         log("cssRules: " + cssRules);
         if (cssRules)
             log("cssRules length: " + cssRules.length);
     } catch(e) {
         log("exception thrown for cssRules: " + e);
     }
     try {
         var rules = sheet.rules;
         log("rules: " + rules);
         if (rules)
             log("rules length: " + rules.length);
     } catch(e) {
         log("exception thrown for rules: " + e);
     }
 }

 window.onload = function() {
     log("Test begins.");
     log("== Cross-Origin resource, no-cors mode ==");
     checkCSSRules(document.styleSheets[0]);
     log("== Same-Origin resource, no-cors mode ==");
     checkCSSRules(document.styleSheets[1]);
     log("== Cross-Origin resource, cors mode, failing cors check ==");
     checkCSSRules(document.styleSheets[2]);
     log("== Cross-Origin resource, cors mode, successful cors check ==");
     checkCSSRules(document.styleSheets[3]);
     log("Test ends.");
 }
 </script>
 </head>
 <body>
 <p>This test whether a script can read the rules from a cross-origin style
 sheet.  For more information on why we block this, please see
 <a href="https://bugs.webkit.org/show_bug.cgi?id=20527">https://bugs.webkit.org/show_bug.cgi?id=20527</a>.
 </p>
 <div id="console"></div>
 </body>
 </html>
	<!DOCTYPE html>
	<html>
	<head>
	<link rel="stylesheet"
	href="http://localhost:8000/security/resources/cssStyle.css">
	<link rel="stylesheet" href="resources/cssStyle.css">
	<link rel="stylesheet"
	href="http://localhost:8000/security/resources/cssStyle.css" crossorigin="">
	<link rel="stylesheet"
	href="http://localhost:8000/security/resources/xorigincss1-allow-star.php" crossorigin="">
	<script>
	if (window.testRunner)
	testRunner.dumpAsText();

	function log(msg) {
	var div = document.createElement("div");
	div.textContent = msg;
	document.getElementById("console").appendChild(div);
	}

	function checkCSSRules(sheet)
	{
	try {
	var cssRules = sheet.cssRules;
	log("cssRules: " + cssRules);
	if (cssRules)
	log("cssRules length: " + cssRules.length);
	} catch(e) {
	log("exception thrown for cssRules: " + e);
	}
	try {
	var rules = sheet.rules;
	log("rules: " + rules);
	if (rules)
	log("rules length: " + rules.length);
	} catch(e) {
	log("exception thrown for rules: " + e);
	}
	}

	window.onload = function() {
	log("Test begins.");
	log("== Cross-Origin resource, no-cors mode ==");
	checkCSSRules(document.styleSheets[0]);
	log("== Same-Origin resource, no-cors mode ==");
	checkCSSRules(document.styleSheets[1]);
	log("== Cross-Origin resource, cors mode, failing cors check ==");
	checkCSSRules(document.styleSheets[2]);
	log("== Cross-Origin resource, cors mode, successful cors check ==");
	checkCSSRules(document.styleSheets[3]);
	log("Test ends.");
	}
	</script>
	</head>
	<body>
	<p>This test whether a script can read the rules from a cross-origin style
	sheet. For more information on why we block this, please see
	<a href="https://bugs.webkit.org/show_bug.cgi?id=20527">https://bugs.webkit.org/show_bug.cgi?id=20527</a>.
	</p>
	<div id="console"></div>
	</body>
	</html>