<html>
<head>
<script src="../resources/cross-frame-access.js"></script>
<script>
if (window.testRunner) {
testRunner.dumpAsText();
testRunner.dumpChildFrames();
testRunner.waitUntilDone();
}
function loaded() {
var innerURL = 'data:text/html,<html>'
+ "<head>"
+ "<scr" + "ipt>"
+ "function fireSentinel() {"
+ "window.top.postMessage(\"perform test\", \"*\");"
+ "}"
+ "</scr" + "ipt>"
+ "</head>"
+ "<body onload=\"fireSentinel();\">"
+ "<p id=\"accessMe\">PASS: Cross frame access to a data: URL 2 levels deep was denied.</p>"
+ "<p>Inner-inner iframe.</p>"
+ "</body>"
+ '</html>';
var url = "data:text/html,<html>"
+ "<body>"
+ "<p>Inner iframe.</p>"
+ "<iframe src='" + innerURL + "'></iframe>"
+ "</body>"
+ "</html>";
window.addEventListener('message', performTest);
var iframe = document.getElementById("aFrame");
iframe.src = url;
}
function performTest() {
try {
var innerInnerFrame = window.frames[0].frames[0];
if (innerInnerFrame.document.getElementById('accessMe')) {
innerInnerFrame.document.getElementById('accessMe').innerHTML = 'FAIL: Cross frame access to a data: URL 2 levels deep was allowed.';
log('FAIL: Cross frame access to a data: URL 2 levels deep was allowed.');
if (window.testRunner)
testRunner.notifyDone();
return;
}
} catch (e) {
}
log('PASS: Cross frame access to a data: URL 2 levels deep was denied.');
if (window.testRunner)
testRunner.notifyDone();
}
</script>
</head>
<body onload="loaded();">
<p>This tests that the main frame doesn't have access to a data: URL loaded in an iframe inside another data: URL loaded iframe.</p>
<iframe id="aFrame" name="aFrame" style="width: 500px; height: 300px;"></iframe>
<pre id='console'></pre>
</body>
</html>
Codebase Browser
chromium