<!DOCTYPE html>
<html>
<head>
<script src="/js-test-resources/js-test.js"></script>
</head>
<body>
<iframe id="cross-origin-frame"
src="http://localhost:8000/resources/dummy.html">
</iframe>
<script>
description("Cross-origin access through 'get' and 'set' in a property descriptor should throw a SecurityError.");
window.jsTestIsAsync = true;
var targetFrame = window['cross-origin-frame'];
shouldBeNonNull(targetFrame);
var targetWindow = targetFrame.contentWindow;
shouldBeNonNull(targetWindow);
var pathnameDescriptor = Object.getOwnPropertyDescriptor(location, "pathname");
shouldBeNonNull("pathnameDescriptor");
shouldBe("typeof pathnameDescriptor.get", '"function"');
shouldBe("typeof pathnameDescriptor.set", '"function"');
var devicePixelRatioDescriptor = Object.getOwnPropertyDescriptor(window, "devicePixelRatio");
shouldBeNonNull("devicePixelRatio");
shouldBe("typeof devicePixelRatioDescriptor.get", '"function"');
shouldBe("typeof devicePixelRatioDescriptor.set", '"function"');
targetFrame.onload = function() {
shouldThrow("pathnameDescriptor.get.call(targetWindow.location)", '"SecurityError: Blocked a frame with origin \\"http://127.0.0.1:8000\\" from accessing a cross-origin frame."');
shouldThrow("pathnameDescriptor.set.call(targetWindow.location, 1)", '"SecurityError: Blocked a frame with origin \\"http://127.0.0.1:8000\\" from accessing a cross-origin frame."');
shouldThrow("devicePixelRatioDescriptor.get.call(targetWindow)", '"SecurityError: Blocked a frame with origin \\"http://127.0.0.1:8000\\" from accessing a cross-origin frame."');
shouldThrow("devicePixelRatioDescriptor.set.call(targetWindow, 1)", '"SecurityError: Blocked a frame with origin \\"http://127.0.0.1:8000\\" from accessing a cross-origin frame."');
finishJSTest();
};
</script>
</body>
</html>
Codebase Browser
chromium