<html>
<head>
<script src="../resources/cross-frame-access.js"></script>
<script>
window.onload = function()
{
if (window.testRunner) {
testRunner.dumpAsText();
testRunner.dumpChildFrames();
testRunner.waitUntilDone();
}
window.addEventListener('message', function ()
{
runTest();
testRunner.notifyDone();
});
}
runTest = function()
{
try {
window[0][0].document.getElementById('accessMe').innerHTML = "FAIL: Cross frame access to a data: URL embed in a frame on a foreign domain allowed.";
log("FAIL: Cross frame access to a data: URL embed in a frame on a foreign domain allowed.");
return;
} catch (e) {
}
log("PASS: Cross frame access to a data: URL embed in a frame on a foreign domain denied!");
}
</script>
</head>
<body>
<p>The scenario for this test is that you have an iframe with content from a foreign domain. In that foreign content
is an iframe which loads a data: URL. This tests that this main document does not have access to that
data: URL loaded iframe.</p>
<iframe src="http://localhost:8000/security/dataURL/resources/foreign-domain-data-url-accessee-iframe.html" style="width: 400px; height:200px;"></iframe>
<pre id="console"></pre>
</body>
</html>
Codebase Browser
chromium