<html>
<head>
<script src="../resources/cross-frame-access.js"></script>
<script>
window.onload = function()
{
if (window.testRunner) {
testRunner.dumpAsText();
testRunner.dumpChildFrames();
testRunner.waitUntilDone();
}
window.addEventListener('message', function ()
{
runTest();
if (window.testRunner)
testRunner.notifyDone();
});
document.getElementById('testFrame').src="http://localhost:8000/security/javascriptURL/resources/foreign-domain-javascript-url-accessee-iframe.html"
}
function runTest()
{
try {
window[0][0].document.getElementById('accessMe').innerHTML = "FAIL: Cross frame access to a javascript: URL embed in a frame on a foreign domain allowed.";
log("FAIL: Cross frame access to a javascript: URL embed in a frame on a foreign domain allowed.");
return;
} catch (e) {
}
log("PASS: Cross frame access to a javascript: URL embed in a frame on a foreign domain denied!");
}
</script>
</head>
<body>
<p>The scenario for this test is that you have an iframe with content from a foreign domain. In that foreign content
is an iframe which loads a javascript: URL. This tests that this main document does not have access to that
javascript: URL loaded iframe.</p>
<iframe id="testFrame" style="width: 400px; height:200px;"></iframe>
<pre id="console"></pre>
</body>
</html>
Codebase Browser
chromium