<html>
<head>
<script src="../resources/cross-frame-access.js"></script>
<script>
if (window.testRunner) {
testRunner.dumpAsText();
testRunner.dumpChildFrames();
testRunner.waitUntilDone();
}
function loaded() {
// This has to be broken into parts so that when it is included below the <script> tags
// are not interpreted as closing the current script context.
var innerURLFirstPart = "data:text/html,<html>"
+ "<head>"
+ "<scr";
var innerURLSecondPart = "ipt>"
+ "function fireSentinel() {"
+ "window.parent.postMessage(\"perform test\", \"*\");"
+ "}"
+ "</scr";
var innerURLThirdPart = "ipt>"
+ "</head>"
+ "<body onload=\"fireSentinel();\">"
+ "<p id=\"accessMe\">PASS: Cross frame access from a data: URL was denied.</p>"
+ "<p>Inner-inner iframe.</p>"
+ "</body>"
+ "</html>";
var url = "data:text/html,<html>"
+ "<head>"
+ "<scr" + "ipt>"
+ "function loaded() {"
+ "window.addEventListener('message', performTest);"
+ "var iframe = document.getElementById('inner');"
+ "iframe.src = '" + innerURLFirstPart + "' + '" + innerURLSecondPart + "' + '" + innerURLThirdPart + "';"
+ "}"
+ "function performTest() {"
+ "try {"
+ "frames[0].document.getElementById('accessMe').innerHTML = 'FAIL: Cross frame access from a data: URL was allowed.';"
+ "} catch (e) {"
+ "}"
+ "if (window.testRunner)"
+ "testRunner.notifyDone();"
+ "}"
+ "</scr" + "ipt>"
+ "</head>"
+ "<body onload='loaded();'>"
+ "<iframe id='inner' name='inner'></iframe>"
+ "<p>Inner iframe.</p>"
+ "<pre id='console'></pre>"
+ "</body>"
+ "</html>";
var iframe = document.getElementById("aFrame");
iframe.src = url;
}
</script>
</head>
<body onload="loaded();">
<p>This tests that a data: URL subframe can't access a child data: URL subframe of itself.</p>
<iframe name="aFrame" id="aFrame" style="width: 500px; height: 300px;"></iframe>
</body>
</html>
Codebase Browser
chromium