<html>
<head>
<script>
if (window.testRunner) {
testRunner.clearBackForwardList();
testRunner.dumpAsText();
}
function log(txt)
{
document.getElementById("logger").innerText += txt + "\n";
}
function tryURL(url)
{
try {
history.pushState(null, null, url);
log("Trying to pushState() with url " + url + " succeeded, but should've failed.");
} catch(e) {
log("Trying to pushState() with url " + url + " failed with exception " + e);
}
log("History length is " + history.length);
try {
history.replaceState(null, null, url);
log("Trying to replaceState() with url " + url + " succeeded, but should've failed.");
} catch(e) {
log("Trying to replaceState() with url " + url + " failed with exception " + e);
}
log("History length is " + history.length);
}
var URLsToTry = new Array(
"http://localhost/test.html",
"http://localhost:8001/test.html",
"http://www.webkit.org/test.html",
"http://www.webkit.org/",
"ftp://www.webkit.org/",
"file://anyfile.html/"
);
function runTest()
{
for (n in URLsToTry)
tryURL(URLsToTry[n]);
}
</script>
<body onload="runTest();">
<pre>
This test makes sure that calls to pushState() and replaceState() with URLs that violate the security origin check fail as expected.
</pre><br>
<pre id="logger"></pre>
</body>
</html>
Codebase Browser
chromium