LayoutTests/http/tests/security/cross-frame-access-call.html - WebKit - Git at Google

 <html>
 <head>
     <script src="/js-test-resources/js-test-pre.js"></script>
     <script src="resources/cross-frame-access.js"></script>
 </head>
 <body>
 <iframe src="http://localhost:8000/security/resources/cross-frame-iframe-for-get-test.html" style=""></iframe>
 <pre id="console"></pre>
 <script>
 description("Tests for calling methods of another frame using Function.call");
 jsTestIsAsync = true;

 window.targetWindow = frames[0];

 window.onload = function()
 {
     if (window.testRunner)
         testRunner.setCanOpenWindows(true);

     // Allowed
     // void focus();
     // void blur();
     // void close();
     // void postMessage(in DOMString message);

     // - Tests for the Window object -
     // undefined value indicates failure
     shouldThrowErrorName("window.setTimeout.call(targetWindow, 'void(0);', 0)", "SecurityError");
     shouldThrowErrorName("window.setInterval.call(targetWindow, 'void(0);', 0)", "SecurityError");
     shouldThrowErrorName("window.getSelection.call(targetWindow)", "SecurityError");
     shouldThrowErrorName("window.find.call(targetWindow, 'string', false, false, false, false, false, false)", "SecurityError");
     shouldThrowErrorName("window.confirm.call(targetWindow, 'message')", "SecurityError");
     shouldThrowErrorName("window.prompt.call(targetWindow, 'message', 'defaultValue')", "SecurityError");
     shouldThrowErrorName("window.getComputedStyle.call(targetWindow, document.body, '')", "SecurityError");
     shouldThrowErrorName("window.getMatchedCSSRules.call(targetWindow, document.body, '')", "SecurityError");
     shouldThrowErrorName("window.openDatabase.call(targetWindow, 'name', '1.0', 'description', 0)", "SecurityError");
     shouldThrowErrorName("window.atob.call(targetWindow, 'string')", "SecurityError");
     shouldThrowErrorName("window.btoa.call(targetWindow, 'string')", "SecurityError");
     shouldThrowErrorName("window.open.call(targetWindow, '')", "SecurityError");

     // These always return undefined so we use the error console to detect failure
     shouldThrowErrorName("window.addEventListener.call(targetWindow, 'load', null, false);", "SecurityError");
     shouldThrowErrorName("window.removeEventListener.call(targetWindow, 'load', null, false);", "SecurityError");
     shouldThrowErrorName("window.dispatchEvent.call(targetWindow, new Event('click'));", "SecurityError");
     shouldThrowErrorName("window.clearTimeout.call(targetWindow, 0);", "SecurityError");
     shouldThrowErrorName("window.clearInterval.call(targetWindow, 0);", "SecurityError");
     shouldThrowErrorName("window.print.call(targetWindow);", "SecurityError");
     shouldThrowErrorName("window.stop.call(targetWindow);", "SecurityError");
     shouldThrowErrorName("window.alert.call(targetWindow, 'message');", "SecurityError");
     shouldThrowErrorName("window.scrollBy.call(targetWindow, 0, 0);", "SecurityError");
     shouldThrowErrorName("window.scrollTo.call(targetWindow, 0, 0);", "SecurityError");
     shouldThrowErrorName("window.scroll.call(targetWindow, 0, 0);", "SecurityError");
     shouldThrowErrorName("window.moveBy.call(targetWindow, 0, 0);", "SecurityError");
     shouldThrowErrorName("window.moveTo.call(targetWindow, 0, 0);", "SecurityError");
     shouldThrowErrorName("window.resizeBy.call(targetWindow, 0, 0);", "SecurityError");
     shouldThrowErrorName("window.resizeTo.call(targetWindow, 0, 0);", "SecurityError");
     shouldThrowErrorName("window.showModalDialog.call(targetWindow);", "SecurityError");

     // Throws an EvalError and logs to the error console
     shouldBe("window.eval.call(targetWindow, '1+2');", '3');

     // - Tests for the Location object -
     // undefined value indicates failure
     shouldThrowErrorName("window.location.toString.call(targetWindow.location)", "SecurityError");

     // - Tests for the History object -
     shouldThrowErrorName("targetWindow.history", "SecurityError");

     // Work around DRT bug that causes subsequent tests to fail.
     window.stop();

     finishJSTest();
 }
 </script>
 <script src="/js-test-resources/js-test-post.js"></script>
 </body>
 </html>
	<html>
	<head>
	<script src="/js-test-resources/js-test-pre.js"></script>
	<script src="resources/cross-frame-access.js"></script>
	</head>
	<body>
	<iframe src="http://localhost:8000/security/resources/cross-frame-iframe-for-get-test.html" style=""></iframe>
	<pre id="console"></pre>
	<script>
	description("Tests for calling methods of another frame using Function.call");
	jsTestIsAsync = true;

	window.targetWindow = frames[0];

	window.onload = function()
	{
	if (window.testRunner)
	testRunner.setCanOpenWindows(true);

	// Allowed
	// void focus();
	// void blur();
	// void close();
	// void postMessage(in DOMString message);

	// - Tests for the Window object -
	// undefined value indicates failure
	shouldThrowErrorName("window.setTimeout.call(targetWindow, 'void(0);', 0)", "SecurityError");
	shouldThrowErrorName("window.setInterval.call(targetWindow, 'void(0);', 0)", "SecurityError");
	shouldThrowErrorName("window.getSelection.call(targetWindow)", "SecurityError");
	shouldThrowErrorName("window.find.call(targetWindow, 'string', false, false, false, false, false, false)", "SecurityError");
	shouldThrowErrorName("window.confirm.call(targetWindow, 'message')", "SecurityError");
	shouldThrowErrorName("window.prompt.call(targetWindow, 'message', 'defaultValue')", "SecurityError");
	shouldThrowErrorName("window.getComputedStyle.call(targetWindow, document.body, '')", "SecurityError");
	shouldThrowErrorName("window.getMatchedCSSRules.call(targetWindow, document.body, '')", "SecurityError");
	shouldThrowErrorName("window.openDatabase.call(targetWindow, 'name', '1.0', 'description', 0)", "SecurityError");
	shouldThrowErrorName("window.atob.call(targetWindow, 'string')", "SecurityError");
	shouldThrowErrorName("window.btoa.call(targetWindow, 'string')", "SecurityError");
	shouldThrowErrorName("window.open.call(targetWindow, '')", "SecurityError");

	// These always return undefined so we use the error console to detect failure
	shouldThrowErrorName("window.addEventListener.call(targetWindow, 'load', null, false);", "SecurityError");
	shouldThrowErrorName("window.removeEventListener.call(targetWindow, 'load', null, false);", "SecurityError");
	shouldThrowErrorName("window.dispatchEvent.call(targetWindow, new Event('click'));", "SecurityError");
	shouldThrowErrorName("window.clearTimeout.call(targetWindow, 0);", "SecurityError");
	shouldThrowErrorName("window.clearInterval.call(targetWindow, 0);", "SecurityError");
	shouldThrowErrorName("window.print.call(targetWindow);", "SecurityError");
	shouldThrowErrorName("window.stop.call(targetWindow);", "SecurityError");
	shouldThrowErrorName("window.alert.call(targetWindow, 'message');", "SecurityError");
	shouldThrowErrorName("window.scrollBy.call(targetWindow, 0, 0);", "SecurityError");
	shouldThrowErrorName("window.scrollTo.call(targetWindow, 0, 0);", "SecurityError");
	shouldThrowErrorName("window.scroll.call(targetWindow, 0, 0);", "SecurityError");
	shouldThrowErrorName("window.moveBy.call(targetWindow, 0, 0);", "SecurityError");
	shouldThrowErrorName("window.moveTo.call(targetWindow, 0, 0);", "SecurityError");
	shouldThrowErrorName("window.resizeBy.call(targetWindow, 0, 0);", "SecurityError");
	shouldThrowErrorName("window.resizeTo.call(targetWindow, 0, 0);", "SecurityError");
	shouldThrowErrorName("window.showModalDialog.call(targetWindow);", "SecurityError");

	// Throws an EvalError and logs to the error console
	shouldBe("window.eval.call(targetWindow, '1+2');", '3');

	// - Tests for the Location object -
	// undefined value indicates failure
	shouldThrowErrorName("window.location.toString.call(targetWindow.location)", "SecurityError");

	// - Tests for the History object -
	shouldThrowErrorName("targetWindow.history", "SecurityError");

	// Work around DRT bug that causes subsequent tests to fail.
	window.stop();

	finishJSTest();
	}
	</script>
	<script src="/js-test-resources/js-test-post.js"></script>
	</body>
	</html>