<!DOCTYPE html>
<html>
<head>
<script src="/resources/js-test-pre.js"></script>
<script>
// Enable the XSS auditor only when the test harness object is present; when
// window.testRunner is absent the call is skipped and the rest still runs.
if (window.testRunner) {
  testRunner.setXSSAuditorEnabled(true);
}

// Mark the test as asynchronous. finishJSTest() is called from checkFrames()
// after the 'xssed' frame fires its load event.
// NOTE(review): presumably js-test-pre.js reads this flag to defer completion; confirm there.
window.jsTestIsAsync = true;
// Load handler for the 'xssed' frame. Asserts that the frame which was asked
// to load the reflected-script URL looks, from this document, exactly like
// the ordinary cross-origin frame: no reachable document and no readable
// location. The expressions are passed as strings naming the globals
// 'xssed' and 'crossorigin'.
function checkFrames() {
  // No document may be exposed, and the value must match what the
  // cross-origin frame exposes.
  shouldBeNull('xssed.contentDocument');
  shouldBe('xssed.contentDocument', 'crossorigin.contentDocument');

  // Reading location.href through either frame's window must raise
  // SecurityError, so the URL of the blocked load is not observable.
  var frameNames = ['xssed', 'crossorigin'];
  for (var i = 0; i < frameNames.length; i++) {
    shouldThrowErrorName(frameNames[i] + '.contentWindow.location.href', 'SecurityError');
  }

  finishJSTest();
}
// Kept as globals: checkFrames() refers to these frames by name inside the
// expression strings it hands to the js-test helpers.
var xssed;
var crossorigin;

// Once the page (including the 'crossorigin' frame) has loaded, point the
// empty 'xssed' frame at the echo script with a script element in the q
// parameter, then verify the result in checkFrames().
window.onload = function () {
  // NOTE(review): enable-full-block=1 presumably makes the echo script request
  // full-page blocking from the auditor; confirm against echo-intertag.pl.
  // The closing script tag is split across two literals so the HTML parser
  // does not end this inline script early.
  var reflectedUrl = 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/block-does-not-leak-location.html&enable-full-block=1&q=<script>alert(String.fromCharCode(0x58,0x53,0x53));<' + '/script>';

  crossorigin = document.getElementById('crossorigin');
  xssed = document.getElementById('xssed');

  // Attach the handler before assigning src so the load event is not missed.
  xssed.onload = checkFrames;
  xssed.src = reflectedUrl;
};
</script>
<script src='/resources/js-test-post.js'></script>
</head>
<body>
<iframe id='xssed'></iframe>
<iframe id='crossorigin' src='http://localhost:8000/security/resources/innocent-victim.html'></iframe>
</body>
</html>