3 <script src="resources/cross-frame-access.js"></script>
5 var windowConstructorPropertiesNotAllowed = [
11 "CSSStyleDeclaration",
36 "HTMLDirectoryElement",
40 "HTMLFieldSetElement",
44 "HTMLFrameSetElement",
64 "HTMLOptGroupElement",
66 "HTMLParagraphElement",
74 "HTMLTableCaptionElement",
75 "HTMLTableCellElement",
76 "HTMLTableColElement",
78 "HTMLTableRowElement",
79 "HTMLTableSectionElement",
80 "HTMLTextAreaElement",
90 "ProcessingInstruction",
106 var windowFunctionPropertiesNotAllowed = [
118 "getMatchedCSSRules",
126 "removeEventListener",
138 var windowAttributesPropertiesNotAllowed = [
158 "offscreenBuffering",
203 var windowFunctionPropertiesAllowed = [
209 var windowAttributesPropertiesAllowed = [
220 window.onload = function()
222 if (window.testRunner) {
223 testRunner.dumpAsText();
224 testRunner.waitUntilDone();
227 if (window.testRunner) {
228 setTimeout(pollForTest, 1);
230 log("To run the test, click the button below when the opened window finishes loading.");
231 var button = document.createElement("button");
232 button.appendChild(document.createTextNode("Run Test"));
233 button.onclick = runTest;
234 document.body.appendChild(button);
238 pollForTest = function()
240 if (!testRunner.globalFlag) {
241 setTimeout(pollForTest, 1);
245 testRunner.notifyDone();
250 window.targetWindow = frames[0];
252 log("\n----- tests for getting of allowed properties -----\n");
254 log("\n----- tests for getting of allowed Functions -----\n");
255 for (var i = 0; i < windowFunctionPropertiesAllowed.length; i++) {
256 var property = windowFunctionPropertiesAllowed[i];
257 shouldBeTrue("canGet('targetWindow." + property + "')");
260 log("\n----- tests for getting of allowed Attributes -----\n");
261 for (var i = 0; i < windowAttributesPropertiesAllowed.length; i++) {
262 var property = windowAttributesPropertiesAllowed[i];
263 shouldBeTrue("canGet('targetWindow." + property + "')");
266 log("\n----- tests for getting of not allowed properties -----\n");
268 log("\n----- tests for getting of not allowed Constructors -----\n");
269 for (var i = 0; i < windowConstructorPropertiesNotAllowed.length; i++) {
270 var property = windowConstructorPropertiesNotAllowed[i];
271 shouldBeFalse("canGet('targetWindow." + property + "')");
274 log("\n----- tests for getting of not allowed Functions -----\n");
275 for (var i = 0; i < windowFunctionPropertiesNotAllowed.length; i++) {
276 var property = windowFunctionPropertiesNotAllowed[i];
277 shouldBeFalse("canGet('targetWindow." + property + "')");
280 log("\n----- tests for getting of not allowed Attributes -----\n");
281 for (var i = 0; i < windowAttributesPropertiesNotAllowed.length; i++) {
282 var property = windowAttributesPropertiesNotAllowed[i];
283 if (property == "document")
284 log("Firefox allows access to 'document' but throws an exception when you access its properties.");
285 shouldBeFalse("canGet('targetWindow." + property + "')");
291 <p>This test checks cross-frame access security (rdar://problem/5251309).</p>
292 <iframe src="http://localhost:8000/security/resources/cross-frame-iframe-for-get-test.html" style=""></iframe>
293 <pre id="console"></pre>