<!DOCTYPE html>
<meta charset="utf-8">
<title>HTML Test: Window Security</title>
<link rel="author" title="Intel" href="http://www.intel.com/" />
<link rel="help" href="https://html.spec.whatwg.org/multipage/multipage/browsers.html#the-window-object" />
<link rel="help" href="https://html.spec.whatwg.org/multipage/multipage/timers.html#timers" />
<link rel="help" href="https://html.spec.whatwg.org/multipage/multipage/webappapis.html#atob" />
<link rel="help" href="https://html.spec.whatwg.org/multipage/#windowsessionstorage" />
<link rel="help" href="https://html.spec.whatwg.org/multipage/#windowlocalstorage" />
<link rel="help" href="https://html.spec.whatwg.org/multipage/multipage/browsers.html#window" />
<link rel="help" href="http://dev.w3.org/csswg/cssom/#extensions-to-the-window-interface" />
<link rel="help" href="http://dev.w3.org/csswg/cssom-view/#extensions-to-the-window-interface" />
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/common/get-host-info.sub.js"></script>
<div id="log"></div>
<script>
var t = async_test("Window Security testing");
function fr_load() {
fr = document.getElementById("fr");
t.step(function () {
//SecurityError should be thrown
[
//attributes
{name: "devicePixelRatio"},
{name: "document"},
{name: "external"},
{name: "frameElement"},
{name: "history"},
{name: "innerWidth"},
{name: "innerHeight"},
{name: "locationbar"},
{name: "localStorage"},
{name: "menubar"},
{name: "name"},
{name: "navigator"},
{name: "onabort"},
{name: "onafterprint"},
{name: "onbeforeprint"},
{name: "onbeforeunload"},
{name: "onblur"},
{name: "oncancel"},
{name: "oncanplay"},
{name: "oncanplaythrough"},
{name: "onchange"},
{name: "onclick"},
{name: "onclose"},
{name: "oncontextmenu"},
{name: "oncuechange"},
{name: "ondblclick"},
{name: "ondrag"},
{name: "ondragend"},
{name: "ondragenter"},
{name: "ondragleave"},
{name: "ondragover"},
{name: "ondragstart"},
{name: "ondrop"},
{name: "ondurationchange"},
{name: "onemptied"},
{name: "onended"},
{name: "onerror"},
{name: "onfocus"},
{name: "onhashchange"},
{name: "oninput"},
{name: "oninvalid"},
{name: "onkeydown"},
{name: "onkeypress"},
{name: "onkeyup"},
{name: "onload"},
{name: "onloadeddata"},
{name: "onloadedmetadata"},
{name: "onloadstart"},
{name: "onmessage"},
{name: "onmousedown"},
{name: "onmousemove"},
{name: "onmouseout"},
{name: "onmouseover"},
{name: "onmouseup"},
{name: "onmousewheel"},
{name: "onoffline"},
{name: "ononline"},
{name: "onpause"},
{name: "onplay"},
{name: "onplaying"},
{name: "onpagehide"},
{name: "onpageshow"},
{name: "onpopstate"},
{name: "onprogress"},
{name: "onratechange"},
{name: "onreset"},
{name: "onresize"},
{name: "onscroll"},
{name: "onseeked"},
{name: "onseeking"},
{name: "onselect"},
{name: "onstalled"},
{name: "onstorage"},
{name: "onsubmit"},
{name: "onsuspend"},
{name: "ontimeupdate"},
{name: "onunload"},
{name: "onvolumechange"},
{name: "onwaiting"},
{name: "pageXOffset"},
{name: "pageYOffset"},
{name: "personalbar"},
{name: "screen"},
{name: "scrollbars"},
{name: "statusbar"},
{name: "status"},
{name: "screenX"},
{name: "screenY"},
{name: "sessionStorage"},
{name: "toolbar"},
//methods
{name: "alert", isMethod: true},
{name: "clearInterval", isMethod: true, args:[1]},
{name: "clearTimeout", isMethod: true, args:[function () {}, 1]},
{name: "confirm", isMethod: true},
{name: "getComputedStyle", isMethod: true, args:[document.body, null]},
{name: "getSelection", isMethod: true},
{name: "matchMedia", isMethod: true, args:["(min-width:50px)"]},
{name: "moveBy", isMethod: true, args:[10, 10]},
{name: "moveTo", isMethod: true, args:[10, 10]},
{name: "open", isMethod: true},
{name: "print", isMethod: true},
{name: "prompt", isMethod: true},
{name: "resizeTo", isMethod: true, args:[10, 10]},
{name: "resizeBy", isMethod: true, args:[10, 10]},
{name: "scroll", isMethod: true, args:[10, 10]},
{name: "scrollTo", isMethod: true, args:[10, 10]},
{name: "scrollBy", isMethod: true, args:[10, 10]},
{name: "setInterval", isMethod: true, args:[function () {}, 1]},
{name: "setTimeout", isMethod: true, args:[function () {}, 1]},
{name: "stop", isMethod: true},
].forEach(function (item) {
test(function () {
assert_true(item.name in window, "window." + item.name + " should exist.");
assert_throws_dom("SecurityError", function () {
if (item.isMethod)
if (item.args)
fr.contentWindow[item.name](item.args[0], item.args[1]);
else
fr.contentWindow[item.name]();
else
fr.contentWindow[item.name];
}, "A SecurityError exception should be thrown.");
}, "A SecurityError exception must be thrown when window." + item.name + " is accessed from a different origin.");
});
//SecurityError should not be thrown
[
//attributes
{name: "closed"},
{name: "frames"},
{name: "length"},
{name: "location"},
{name: "opener"},
{name: "parent"},
{name: "self"},
{name: "top"},
{name: "window"},
//methods
{name: "blur", isMethod: true},
{name: "close", isMethod: true},
{name: "focus", isMethod: true},
{name: "postMessage", isMethod: true, args: [{msg: 'foo'}, "*"]}
].forEach(function (item) {
test(function () {
assert_true(item.name in window, "window." + item.name + " should exist.");
try {
if (item.isMethod)
if (item.args)
fr.contentWindow[item.name](item.args[0], item.args[1]);
else
fr.contentWindow[item.name]();
else
fr.contentWindow[item.name];
} catch (e) {
assert_unreached("An unexpected exception was thrown.");
}
}, "A SecurityError exception should not be thrown when window." + item.name + " is accessed from a different origin.");
});
});
t.done();
}
</script>
<script>
onload = function() {
var frame = document.createElement('iframe');
frame.id = "fr";
frame.setAttribute("style", "display:none");
frame.setAttribute('src', get_host_info().HTTPS_REMOTE_ORIGIN + "/");
frame.setAttribute("onload", "fr_load()");
document.body.appendChild(frame);
}
</script>
Codebase Browser
chromium