diff options
Diffstat (limited to 'testing/web-platform/tests/html/browsers/origin/cross-origin-objects/frame.html')
-rw-r--r-- | testing/web-platform/tests/html/browsers/origin/cross-origin-objects/frame.html | 51 |
1 files changed, 51 insertions, 0 deletions
diff --git a/testing/web-platform/tests/html/browsers/origin/cross-origin-objects/frame.html b/testing/web-platform/tests/html/browsers/origin/cross-origin-objects/frame.html new file mode 100644 index 0000000000..ca2dd8ebf8 --- /dev/null +++ b/testing/web-platform/tests/html/browsers/origin/cross-origin-objects/frame.html @@ -0,0 +1,51 @@ +<!doctype html> +<html> +<head> +<script> + if (location.search == "?setdomain") { + document.domain = document.domain; + } + + // Override the |frames| and |focus| property to test that such overrides are + // properly ignored cross-origin. + window.frames = "override"; + window.focus = "override"; + + // Also add a |then| property to test that it doesn't get exposed. + window.then = "something"; + window.location.then = "something-else"; + + // If we get a postMessage, we grab references to everything and set + // document.domain to trim off our topmost subdomain. + window.onmessage = function(evt) { + window.windowReferences = []; + window.locationReferences = []; + for (var i = 0; i < parent.length; ++i) { + windowReferences.push(parent[i]); + locationReferences.push(parent[i].location); + } + try { + document.domain = document.domain.substring(document.domain.indexOf('.') + 1); + evt.source.postMessage('PASS', '*'); + } catch (e) { + evt.source.postMessage('FAIL: cannot trim off document.domain: ' + e, '*'); + } + } + + function checkWindowReferences() { + for (var i = 0; i < parent.length; ++i) { + if (windowReferences[i] != parent[i]) + throw new Error("Window references don't match for " + i + " after document.domain"); + if (locationReferences[i] != parent[i].location) + throw new Error("Location references don't match for " + i + " after document.domain"); + } + return true; + } +</script> +</head> +<body> + <!-- Two subframes to give us some indexed properties --> + <iframe></iframe> + <iframe name=donotleakme></iframe><!-- "donotleakme" is excluded as cross-origin named property due to [[HideFromKeys]] --> +</body> +</html> |