1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
|
<html>
<script>
function check(elt, expectAccess, prop) {
var access = false;
try {
elt[prop];
access = true;
}
catch (e) {}
return access === expectAccess;
}
function sendMessage(success, sameOrigin, prop) {
var result = success ? 'PASS' : 'FAIL';
var message;
if (sameOrigin)
message = 'Can access |' + prop + '| if same origin';
else
message = 'Cannot access |' + prop + '| if not same origin';
parent.postMessage(result + ',' + message, '*');
}
var sameOrigin = location.host !== 'example.org';
var pass = check(frameElement, sameOrigin, 'src');
if (!pass) {
sendMessage(false, sameOrigin, 'src');
} else {
pass = check(parent.location, sameOrigin, 'href');
sendMessage(pass, sameOrigin, 'href');
}
</script>
</html>
|