<p>This test checks cross-frame access security of window attribute setters (rdar://problem/5326791).</p>
<iframe src="http://localhost:8000/security/resources/cross-frame-iframe-for-put-test.html" style=""></iframe>
<pre id="console"></pre>
<script>
function log(s)
{
document.getElementById("console").appendChild(document.createTextNode(s + "\n"));
}
function setForbiddenProperty(obj, prop)
{
try {
obj[prop] = "FAIL!! CUSTOM " + prop;
} catch (ex) {
log("PASS: Unable to set property " + prop + ": " + ex);
}
}
window.targetWindow = window.frames[0];
window.onload = function()
{
if (window.testRunner) {
testRunner.dumpAsText();
testRunner.waitUntilDone();
}
// FIXME: This test should use fast/window/resources/window-properties.js instead of a custom list.
// Constructors
setForbiddenProperty(targetWindow, "Attr");
setForbiddenProperty(targetWindow, "CDATASection");
setForbiddenProperty(targetWindow, "CharacterData");
setForbiddenProperty(targetWindow, "Comment");
setForbiddenProperty(targetWindow, "CSSRule");
setForbiddenProperty(targetWindow, "CSSStyleDeclaration");
setForbiddenProperty(targetWindow, "Document");
setForbiddenProperty(targetWindow, "DocumentFragment");
setForbiddenProperty(targetWindow, "DocumentType");
setForbiddenProperty(targetWindow, "DOMException");
setForbiddenProperty(targetWindow, "DOMImplementation");
setForbiddenProperty(targetWindow, "DOMParser");
setForbiddenProperty(targetWindow, "Element");
setForbiddenProperty(targetWindow, "EvalError");
setForbiddenProperty(targetWindow, "Event");
setForbiddenProperty(targetWindow, "HTMLAnchorElement");
setForbiddenProperty(targetWindow, "HTMLAreaElement");
setForbiddenProperty(targetWindow, "HTMLBaseElement");
setForbiddenProperty(targetWindow, "HTMLBodyElement");
setForbiddenProperty(targetWindow, "HTMLBRElement");
setForbiddenProperty(targetWindow, "HTMLButtonElement");
setForbiddenProperty(targetWindow, "HTMLCanvasElement");
setForbiddenProperty(targetWindow, "HTMLDirectoryElement");
setForbiddenProperty(targetWindow, "HTMLDivElement");
setForbiddenProperty(targetWindow, "HTMLDListElement");
setForbiddenProperty(targetWindow, "HTMLDocument");
setForbiddenProperty(targetWindow, "HTMLElement");
setForbiddenProperty(targetWindow, "HTMLFieldSetElement");
setForbiddenProperty(targetWindow, "HTMLFontElement");
setForbiddenProperty(targetWindow, "HTMLFormElement");
setForbiddenProperty(targetWindow, "HTMLFrameElement");
setForbiddenProperty(targetWindow, "HTMLFrameSetElement");
setForbiddenProperty(targetWindow, "HTMLHeadElement");
setForbiddenProperty(targetWindow, "HTMLHeadingElement");
setForbiddenProperty(targetWindow, "HTMLHRElement");
setForbiddenProperty(targetWindow, "HTMLHtmlElement");
setForbiddenProperty(targetWindow, "HTMLIFrameElement");
setForbiddenProperty(targetWindow, "HTMLImageElement");
setForbiddenProperty(targetWindow, "HTMLInputElement");
setForbiddenProperty(targetWindow, "HTMLLabelElement");
setForbiddenProperty(targetWindow, "HTMLLegendElement");
setForbiddenProperty(targetWindow, "HTMLLIElement");
setForbiddenProperty(targetWindow, "HTMLLinkElement");
setForbiddenProperty(targetWindow, "HTMLMapElement");
setForbiddenProperty(targetWindow, "HTMLMarqueeElement");
setForbiddenProperty(targetWindow, "HTMLMenuElement");
setForbiddenProperty(targetWindow, "HTMLMetaElement");
setForbiddenProperty(targetWindow, "HTMLModElement");
setForbiddenProperty(targetWindow, "HTMLOListElement");
setForbiddenProperty(targetWindow, "HTMLOptGroupElement");
setForbiddenProperty(targetWindow, "HTMLOptionElement");
setForbiddenProperty(targetWindow, "HTMLParagraphElement");
setForbiddenProperty(targetWindow, "HTMLParamElement");
setForbiddenProperty(targetWindow, "HTMLPreElement");
setForbiddenProperty(targetWindow, "HTMLQuoteElement");
setForbiddenProperty(targetWindow, "HTMLScriptElement");
setForbiddenProperty(targetWindow, "HTMLSelectElement");
setForbiddenProperty(targetWindow, "HTMLStyleElement");
setForbiddenProperty(targetWindow, "HTMLTableCaptionElement");
setForbiddenProperty(targetWindow, "HTMLTableCellElement");
setForbiddenProperty(targetWindow, "HTMLTableColElement");
setForbiddenProperty(targetWindow, "HTMLTableElement");
setForbiddenProperty(targetWindow, "HTMLTableRowElement");
setForbiddenProperty(targetWindow, "HTMLTableSectionElement");
setForbiddenProperty(targetWindow, "HTMLTextAreaElement");
setForbiddenProperty(targetWindow, "HTMLTitleElement");
setForbiddenProperty(targetWindow, "HTMLUListElement");
setForbiddenProperty(targetWindow, "MutationEvent");
setForbiddenProperty(targetWindow, "Node");
setForbiddenProperty(targetWindow, "NodeFilter");
setForbiddenProperty(targetWindow, "ProcessingInstruction");
setForbiddenProperty(targetWindow, "Range");
setForbiddenProperty(targetWindow, "RangeError");
setForbiddenProperty(targetWindow, "ReferenceError");
setForbiddenProperty(targetWindow, "SyntaxError");
setForbiddenProperty(targetWindow, "Text");
setForbiddenProperty(targetWindow, "TypeError");
setForbiddenProperty(targetWindow, "URIError");
setForbiddenProperty(targetWindow, "XMLDocument");
setForbiddenProperty(targetWindow, "XMLSerializer");
setForbiddenProperty(targetWindow, "XPathEvaluator");
setForbiddenProperty(targetWindow, "XPathResult");
// FIXME: find a way to test these Constructors
// setForbiddenProperty(targetWindow, "Image");
// setForbiddenProperty(targetWindow, "Option");
// setForbiddenProperty(targetWindow, "XMLHttpRequest");
// setForbiddenProperty(targetWindow, "XSLTProcessor");
// Attributes
setForbiddenProperty(targetWindow, "clientInformation");
setForbiddenProperty(targetWindow, "closed");
setForbiddenProperty(targetWindow, "console");
setForbiddenProperty(targetWindow, "crypto");
setForbiddenProperty(targetWindow, "defaultStatus");
setForbiddenProperty(targetWindow, "defaultstatus");
setForbiddenProperty(targetWindow, "devicePixelRatio");
setForbiddenProperty(targetWindow, "document");
setForbiddenProperty(targetWindow, "embeds");
setForbiddenProperty(targetWindow, "event");
setForbiddenProperty(targetWindow, "frameElement");
setForbiddenProperty(targetWindow, "frames");
setForbiddenProperty(targetWindow, "history");
setForbiddenProperty(targetWindow, "images");
setForbiddenProperty(targetWindow, "innerHeight");
setForbiddenProperty(targetWindow, "innerWidth");
setForbiddenProperty(targetWindow, "length");
setForbiddenProperty(targetWindow, "locationbar");
setForbiddenProperty(targetWindow, "menubar");
setForbiddenProperty(targetWindow, "name");
setForbiddenProperty(targetWindow, "navigator");
setForbiddenProperty(targetWindow, "offscreenBuffering");
setForbiddenProperty(targetWindow, "onabort");
setForbiddenProperty(targetWindow, "onbeforeunload");
setForbiddenProperty(targetWindow, "onblur");
setForbiddenProperty(targetWindow, "onchange");
setForbiddenProperty(targetWindow, "onclick");
setForbiddenProperty(targetWindow, "ondblclick");
setForbiddenProperty(targetWindow, "onerror");
setForbiddenProperty(targetWindow, "onfocus");
setForbiddenProperty(targetWindow, "onkeydown");
setForbiddenProperty(targetWindow, "onkeypress");
setForbiddenProperty(targetWindow, "onkeyup");
setForbiddenProperty(targetWindow, "onload");
setForbiddenProperty(targetWindow, "onmousedown");
setForbiddenProperty(targetWindow, "onmousemove");
setForbiddenProperty(targetWindow, "onmouseout");
setForbiddenProperty(targetWindow, "onmouseover");
setForbiddenProperty(targetWindow, "onmouseup");
setForbiddenProperty(targetWindow, "onmousewheel");
setForbiddenProperty(targetWindow, "onreset");
setForbiddenProperty(targetWindow, "onresize");
setForbiddenProperty(targetWindow, "onscroll");
setForbiddenProperty(targetWindow, "onsearch");
setForbiddenProperty(targetWindow, "onselect");
setForbiddenProperty(targetWindow, "onsubmit");
setForbiddenProperty(targetWindow, "onunload");
setForbiddenProperty(targetWindow, "opener");
setForbiddenProperty(targetWindow, "outerHeight");
setForbiddenProperty(targetWindow, "outerWidth");
setForbiddenProperty(targetWindow, "pageXOffset");
setForbiddenProperty(targetWindow, "pageYOffset");
setForbiddenProperty(targetWindow, "personalbar");
setForbiddenProperty(targetWindow, "plugins");
setForbiddenProperty(targetWindow, "screen");
setForbiddenProperty(targetWindow, "screenLeft");
setForbiddenProperty(targetWindow, "screenTop");
setForbiddenProperty(targetWindow, "screenX");
setForbiddenProperty(targetWindow, "screenY");
setForbiddenProperty(targetWindow, "scrollbars");
setForbiddenProperty(targetWindow, "scrollX");
setForbiddenProperty(targetWindow, "scrollY");
setForbiddenProperty(targetWindow, "self");
setForbiddenProperty(targetWindow, "status");
setForbiddenProperty(targetWindow, "statusbar");
setForbiddenProperty(targetWindow, "toolbar");
setForbiddenProperty(targetWindow, "window");
setForbiddenProperty(targetWindow, "parent");
// Functions
setForbiddenProperty(targetWindow, "addEventListener");
setForbiddenProperty(targetWindow, "alert");
setForbiddenProperty(targetWindow, "atob");
setForbiddenProperty(targetWindow, "blur");
setForbiddenProperty(targetWindow, "btoa");
setForbiddenProperty(targetWindow, "captureEvents");
setForbiddenProperty(targetWindow, "clearInterval");
setForbiddenProperty(targetWindow, "clearTimeout");
setForbiddenProperty(targetWindow, "close");
setForbiddenProperty(targetWindow, "confirm");
setForbiddenProperty(targetWindow, "constructor");
setForbiddenProperty(targetWindow, "eval");
setForbiddenProperty(targetWindow, "find");
setForbiddenProperty(targetWindow, "focus");
setForbiddenProperty(targetWindow, "getComputedStyle");
setForbiddenProperty(targetWindow, "getMatchedCSSRules");
setForbiddenProperty(targetWindow, "getSelection");
setForbiddenProperty(targetWindow, "moveBy");
setForbiddenProperty(targetWindow, "moveTo");
setForbiddenProperty(targetWindow, "open");
setForbiddenProperty(targetWindow, "print");
setForbiddenProperty(targetWindow, "prompt");
setForbiddenProperty(targetWindow, "releaseEvents");
setForbiddenProperty(targetWindow, "removeEventListener");
setForbiddenProperty(targetWindow, "resizeBy");
setForbiddenProperty(targetWindow, "resizeTo");
setForbiddenProperty(targetWindow, "scroll");
setForbiddenProperty(targetWindow, "scrollBy");
setForbiddenProperty(targetWindow, "scrollTo");
setForbiddenProperty(targetWindow, "setInterval");
setForbiddenProperty(targetWindow, "setTimeout");
setForbiddenProperty(targetWindow, "stop");
// Ask the child frame to verify that our xss attempt above
// didn't modify any actual values. The child frame will
// post "TEST-COMPLETED" when the verification is done.
window.addEventListener("message", receiveMessage, false);
targetWindow.postMessage("READY-FOR-OLD-VALUES-VERIFICATION", "*");
function receiveMessage(event) {
if (event.data != "TEST-COMPLETED") {
log("UNEXPECTED MESSAGE: " + event.data);
return;
}
// log(targetWindow.focus.__proto__);
log("MAIN WINDOW: !!-- Test ended--!!");
window.stop();
if (window.testRunner)
testRunner.notifyDone();
}
}
</script>
Codebase Browser
chromium