<!DOCTYPE html>
<html>
<head>
<script src="resources/cross-frame-access.js"></script>
<script>
var windowConstructorPropertiesNotAllowed = [
"Attr",
"Audio",
"CDATASection",
"CSSRule",
"CSSStyleDeclaration",
"CharacterData",
"Comment",
"DOMException",
"DOMImplementation",
"DOMParser",
"Document",
"DocumentFragment",
"DocumentType",
"Element",
"EntityReference",
"EvalError",
"Event",
"HTMLAnchorElement",
"HTMLAudioElement",
"HTMLAreaElement",
"HTMLBRElement",
"HTMLBaseElement",
"HTMLBodyElement",
"HTMLButtonElement",
"HTMLCanvasElement",
"HTMLDListElement",
"HTMLDirectoryElement",
"HTMLDivElement",
"HTMLDocument",
"HTMLElement",
"HTMLFieldSetElement",
"HTMLFontElement",
"HTMLFormElement",
"HTMLFrameElement",
"HTMLFrameSetElement",
"HTMLHRElement",
"HTMLHeadElement",
"HTMLHeadingElement",
"HTMLHtmlElement",
"HTMLIFrameElement",
"HTMLImageElement",
"HTMLInputElement",
"HTMLIsIndexElement",
"HTMLLIElement",
"HTMLLabelElement",
"HTMLLegendElement",
"HTMLLinkElement",
"HTMLMapElement",
"HTMLMarqueeElement",
"HTMLMediaElement",
"HTMLMenuElement",
"HTMLMetaElement",
"HTMLModElement",
"HTMLOListElement",
"HTMLOptGroupElement",
"HTMLOptionElement",
"HTMLParagraphElement",
"HTMLParamElement",
"HTMLPreElement",
"HTMLQuoteElement",
"HTMLScriptElement",
"HTMLSelectElement",
"HTMLSourceElement",
"HTMLStyleElement",
"HTMLTableCaptionElement",
"HTMLTableCellElement",
"HTMLTableColElement",
"HTMLTableElement",
"HTMLTableRowElement",
"HTMLTableSectionElement",
"HTMLTextAreaElement",
"HTMLTitleElement",
"HTMLUListElement",
"HTMLVideoElement",
"Image",
"MutationEvent",
"Node",
"NodeFilter",
"Option",
"ProcessingInstruction",
"Range",
"RangeError",
"ReferenceError",
"SyntaxError",
"Text",
"TypeError",
"URIError",
"XMLDocument",
"XMLHttpRequest",
"XMLSerializer",
"XPathEvaluator",
"XPathResult",
"XSLTProcessor"
];
var windowFunctionPropertiesNotAllowed = [
"addEventListener",
"alert",
"atob",
"btoa",
"captureEvents",
"clearInterval",
"clearTimeout",
"confirm",
"find",
"getComputedStyle",
"getMatchedCSSRules",
"getSelection",
"moveBy",
"moveTo",
"open",
"print",
"prompt",
"releaseEvents",
"removeEventListener",
"resizeBy",
"resizeTo",
"scroll",
"scrollBy",
"scrollTo",
"setInterval",
"setTimeout",
"stop"
];
var windowFunctionPropertiesAllowed = [
"blur",
"close",
"focus",
"postMessage",
];
var windowAttributesPropertiesNotAllowed = [
"clientInformation",
"console",
"crypto",
"defaultStatus",
"defaultstatus",
"devicePixelRatio",
"document",
"embeds",
"eval",
"event",
"frameElement",
"images",
"innerHeight",
"innerWidth",
"locationbar",
"menubar",
"name",
"navigator",
"offscreenBuffering",
"onabort",
"onbeforeunload",
"onblur",
"onchange",
"onclick",
"ondblclick",
"onerror",
"onfocus",
"onkeydown",
"onkeypress",
"onkeyup",
"onload",
"onmousedown",
"onmousemove",
"onmouseout",
"onmouseover",
"onmouseup",
"onmousewheel",
"onreset",
"onresize",
"onscroll",
"onsearch",
"onselect",
"onsubmit",
"onunload",
"outerHeight",
"outerWidth",
"pageXOffset",
"pageYOffset",
"personalbar",
"plugins",
"prototype",
"screen",
"screenLeft",
"screenTop",
"screenX",
"screenY",
"scrollX",
"scrollY",
"scrollbars",
"status",
"statusbar",
"toolbar",
"history",
];
var windowAttributesPropertiesAllowed = [
"closed",
"frames",
"length",
"opener",
"parent",
"self",
"top",
"window"
];
window.onload = function()
{
if (window.testRunner) {
testRunner.dumpAsText();
testRunner.waitUntilDone();
}
window.targetWindow = frames[0];
log("\n----- tests for getting of not allowed properties -----\n");
log("\n----- tests for getting of not allowed Constructors -----\n");
for (var i = 0; i < windowConstructorPropertiesNotAllowed.length; i++) {
var property = windowConstructorPropertiesNotAllowed[i];
shouldBeFalse("canGetDescriptor(targetWindow, '" + property + "')");
}
log("\n----- tests for getting of not allowed Functions -----\n");
for (var i = 0; i < windowFunctionPropertiesNotAllowed.length; i++) {
var property = windowFunctionPropertiesNotAllowed[i];
shouldBeFalse("canGetDescriptor(targetWindow, '" + property + "')");
}
for (var i = 0; i < windowFunctionPropertiesAllowed.length; i++) {
var property = windowFunctionPropertiesAllowed[i];
shouldBeTrue("canGetDescriptor(targetWindow, '" + property + "')");
}
log("\n----- tests for getting of not allowed Attributes -----\n");
for (var i = 0; i < windowAttributesPropertiesNotAllowed.length; i++) {
var property = windowAttributesPropertiesNotAllowed[i];
if (property == "document")
log("Firefox allows access to 'document' but throws an exception when you access its properties.");
shouldBeFalse("canGetDescriptor(targetWindow, '" + property + "')");
}
for (var i = 0; i < windowAttributesPropertiesAllowed.length; i++) {
var property = windowAttributesPropertiesAllowed[i];
shouldBeTrue("canGetDescriptor(targetWindow, '" + property + "')");
}
log("----- tests access to cross domain history object -----");
shouldThrowException("targetWindow.history");
if (window.testRunner)
testRunner.notifyDone();
}
</script>
</head>
<body>
<p>This test checks cross-frame access security of getOwnPropertyDescriptor (https://bugs.webkit.org/show_bug.cgi?id=32119).</p>
<iframe src="http://localhost:8000/security/resources/cross-frame-iframe-for-get-test.html" style=""></iframe>
<pre id="console"></pre>
</body>
</html>
Codebase Browser
chromium