src/third_party/WebKit/LayoutTests/http/tests/security/cross-frame-access-get.html

   1 <html>
   2 <head>
   3     <script src="resources/cross-frame-access.js"></script>
   4     <script>
   5         var windowConstructorPropertiesNotAllowed = [
   6             "Attr",
   7             "Audio",
   8             "CDATASection",
   9             "CSSPrimitiveValue",
  10             "CSSRule",
  11             "CSSStyleDeclaration",
  12             "CSSValue",
  13             "CharacterData",
  14             "Comment",
  15             "DOMException",
  16             "DOMImplementation",
  17             "DOMParser",
  18             "Document",
  19             "DocumentFragment",
  20             "DocumentType",
  21             "Element",
  22             "Entity",
  23             "EntityReference",
  24             "EvalError",
  25             "Event",
  26             "HTMLAnchorElement",
  27             "HTMLAudioElement",
  28             "HTMLAppletElement",
  29             "HTMLAreaElement",
  30             "HTMLBRElement",
  31             "HTMLBaseElement",
  32             "HTMLBodyElement",
  33             "HTMLButtonElement",
  34             "HTMLCanvasElement",
  35             "HTMLDListElement",
  36             "HTMLDirectoryElement",
  37             "HTMLDivElement",
  38             "HTMLDocument",
  39             "HTMLElement",
  40             "HTMLFieldSetElement",
  41             "HTMLFontElement",
  42             "HTMLFormElement",
  43             "HTMLFrameElement",
  44             "HTMLFrameSetElement",
  45             "HTMLHRElement",
  46             "HTMLHeadElement",
  47             "HTMLHeadingElement",
  48             "HTMLHtmlElement",
  49             "HTMLIFrameElement",
  50             "HTMLImageElement",
  51             "HTMLInputElement",
  52             "HTMLIsIndexElement",
  53             "HTMLLIElement",
  54             "HTMLLabelElement",
  55             "HTMLLegendElement",
  56             "HTMLLinkElement",
  57             "HTMLMapElement",
  58             "HTMLMarqueeElement",
  59             "HTMLMediaElement",
  60             "HTMLMenuElement",
  61             "HTMLMetaElement",
  62             "HTMLModElement",
  63             "HTMLOListElement",
  64             "HTMLOptGroupElement",
  65             "HTMLOptionElement",
  66             "HTMLParagraphElement",
  67             "HTMLParamElement",
  68             "HTMLPreElement",
  69             "HTMLQuoteElement",
  70             "HTMLScriptElement",
  71             "HTMLSelectElement",
  72             "HTMLSourceElement",
  73             "HTMLStyleElement",
  74             "HTMLTableCaptionElement",
  75             "HTMLTableCellElement",
  76             "HTMLTableColElement",
  77             "HTMLTableElement",
  78             "HTMLTableRowElement",
  79             "HTMLTableSectionElement",
  80             "HTMLTextAreaElement",
  81             "HTMLTitleElement",
  82             "HTMLUListElement",
  83             "HTMLVideoElement",
  84             "Image",
  85             "MutationEvent",
  86             "Node",
  87             "NodeFilter",
  88             "Notation",
  89             "Option",
  90             "ProcessingInstruction",
  91             "Range",
  92             "RangeError",
  93             "ReferenceError",
  94             "SyntaxError",
  95             "Text",
  96             "TypeError",
  97             "URIError",
  98             "XMLDocument",
  99             "XMLHttpRequest",
 100             "XMLSerializer",
 101             "XPathEvaluator",
 102             "XPathResult",
 103             "XSLTProcessor"
 104         ];
 105
 106         var windowFunctionPropertiesNotAllowed = [
 107             "addEventListener",
 108             "alert",
 109             "atob",
 110             "btoa",
 111             "captureEvents",
 112             "clearInterval",
 113             "clearTimeout",
 114             "confirm",
 115             "constructor",
 116             "find",
 117             "getComputedStyle",
 118             "getMatchedCSSRules",
 119             "getSelection",
 120             "moveBy",
 121             "moveTo",
 122             "open",
 123             "print",
 124             "prompt",
 125             "releaseEvents",
 126             "removeEventListener",
 127             "resizeBy",
 128             "resizeTo",
 129             "scroll",
 130             "scrollBy",
 131             "scrollTo",
 132             "setInterval",
 133             "setTimeout",
 134             "showModalDialog",
 135             "stop"
 136         ];
 137
 138         var windowAttributesPropertiesNotAllowed = [
 139             "clientInformation",
 140             "console",
 141             "crypto",
 142             "defaultStatus",
 143             "defaultstatus",
 144             "devicePixelRatio",
 145             "document",
 146             "embeds",
 147             "eval",
 148             "event",
 149             "frameElement",
 150             "history",
 151             "images",
 152             "innerHeight",
 153             "innerWidth",
 154             "locationbar",
 155             "menubar",
 156             "name",
 157             "navigator",
 158             "offscreenBuffering",
 159             "onabort",
 160             "onbeforeunload",
 161             "onblur",
 162             "onchange",
 163             "onclick",
 164             "ondblclick",
 165             "onerror",
 166             "onfocus",
 167             "onkeydown",
 168             "onkeypress",
 169             "onkeyup",
 170             "onload",
 171             "onmousedown",
 172             "onmousemove",
 173             "onmouseout",
 174             "onmouseover",
 175             "onmouseup",
 176             "onmousewheel",
 177             "onreset",
 178             "onresize",
 179             "onscroll",
 180             "onsearch",
 181             "onselect",
 182             "onsubmit",
 183             "onunload",
 184             "outerHeight",
 185             "outerWidth",
 186             "pageXOffset",
 187             "pageYOffset",
 188             "personalbar",
 189             "plugins",
 190             "screen",
 191             "screenLeft",
 192             "screenTop",
 193             "screenX",
 194             "screenY",
 195             "scrollX",
 196             "scrollY",
 197             "scrollbars",
 198             "status",
 199             "statusbar",
 200             "toolbar"
 201         ];
 202
 203         var windowFunctionPropertiesAllowed = [
 204             "blur",
 205             "close",
 206             "focus"
 207         ]
 208
 209         var windowAttributesPropertiesAllowed = [
 210             "closed",
 211             "frames",
 212             "length",
 213             "opener",
 214             "parent",
 215             "self",
 216             "top",
 217             "window",
 218         ];
 219
 220         window.onload = function()
 221         {
 222             if (window.testRunner) {
 223                 testRunner.dumpAsText();
 224                 testRunner.waitUntilDone();
 225             }
 226
 227             if (window.testRunner) {
 228                 setTimeout(pollForTest, 1);
 229             } else {
 230                 log("To run the test, click the button below when the opened window finishes loading.");
 231                 var button = document.createElement("button");
 232                 button.appendChild(document.createTextNode("Run Test"));
 233                 button.onclick = runTest;
 234                 document.body.appendChild(button);
 235             }
 236         }
 237
 238         pollForTest = function()
 239         {
 240             if (!testRunner.globalFlag) {
 241                 setTimeout(pollForTest, 1);
 242                 return;
 243             }
 244             runTest();
 245             testRunner.notifyDone();
 246         }
 247
 248         runTest = function()
 249         {
 250             window.targetWindow = frames[0];
 251
 252             log("\n----- tests for getting of allowed properties -----\n");
 253
 254             log("\n----- tests for getting of allowed Functions -----\n");
 255             for (var i = 0; i < windowFunctionPropertiesAllowed.length; i++) {
 256                 var property = windowFunctionPropertiesAllowed[i];
 257                 shouldBeTrue("canGet('targetWindow." + property + "')");
 258             }
 259
 260             log("\n----- tests for getting of allowed Attributes -----\n");
 261             for (var i = 0; i < windowAttributesPropertiesAllowed.length; i++) {
 262                 var property = windowAttributesPropertiesAllowed[i];
 263                 shouldBeTrue("canGet('targetWindow." + property + "')");
 264             }
 265
 266             log("\n----- tests for getting of not allowed properties -----\n");
 267
 268             log("\n----- tests for getting of not allowed Constructors -----\n");
 269             for (var i = 0; i < windowConstructorPropertiesNotAllowed.length; i++) {
 270                 var property = windowConstructorPropertiesNotAllowed[i];
 271                 shouldBeFalse("canGet('targetWindow." + property + "')");
 272             }
 273
 274             log("\n----- tests for getting of not allowed Functions -----\n");
 275             for (var i = 0; i < windowFunctionPropertiesNotAllowed.length; i++) {
 276                 var property = windowFunctionPropertiesNotAllowed[i];
 277                 shouldBeFalse("canGet('targetWindow." + property + "')");
 278             }
 279
 280             log("\n----- tests for getting of not allowed Attributes -----\n");
 281             for (var i = 0; i < windowAttributesPropertiesNotAllowed.length; i++) {
 282                 var property = windowAttributesPropertiesNotAllowed[i];
 283                 if (property == "document")
 284                     log("Firefox allows access to 'document' but throws an exception when you access its properties.");
 285                 shouldBeFalse("canGet('targetWindow." + property + "')");
 286             }
 287         }
 288     </script>
 289 </head>
 290 <body>
 291 <p>This test checks cross-frame access security (rdar://problem/5251309).</p>
 292 <iframe src="http://localhost:8000/security/resources/cross-frame-iframe-for-get-test.html" style=""></iframe>
 293 <pre id="console"></pre>
 294 </body>
 295 </html>