src/third_party/WebKit/LayoutTests/http/tests/security/dataURL/xss-DENIED-to-data-url-sub-frame-2-level.html

   1 <html>
   2 <head>
   3     <script src="../resources/cross-frame-access.js"></script>
   4     <script>
   5         if (window.testRunner) {
   6             testRunner.dumpAsText();
   7             testRunner.dumpChildFramesAsText();
   8             testRunner.waitUntilDone();
   9         }
  10
  11         function loaded() {
  12             var innerURL = 'data:text/html,<html>'
  13                 + "<head>"
  14                 +     "<scr" + "ipt>"
  15                 +         "function fireSentinel() {"
  16                 +             "if (window.testRunner)"
  17                 +                 "testRunner.globalFlag = true;"
  18                 +         "}"
  19                 +     "</scr" + "ipt>"
  20                 + "</head>"
  21                 + "<body onload=\"fireSentinel();\">"
  22                 +     "<p id=\"accessMe\">PASS: Cross frame access to a data: URL 2 levels deep was denied.</p>"
  23                 +     "<p>Inner-inner iframe.</p>"
  24                 + "</body>"
  25                 + '</html>';
  26
  27             var url = "data:text/html,<html>"
  28                 + "<body>"
  29                 +     "<p>Inner iframe.</p>"
  30                 +     "<iframe src='" + innerURL + "'></iframe>"
  31                 + "</body>"
  32                 + "</html>";
  33
  34             var iframe = document.getElementById("aFrame");
  35             iframe.src = url;
  36
  37             if (window.testRunner) {
  38                 setTimeout(waitForFlag, 1);
  39                 function waitForFlag() {
  40                     if (!testRunner.globalFlag) {
  41                         setTimeout(waitForFlag, 1);
  42                         return;
  43                     }
  44                     performTest();
  45                 }
  46             } else {
  47                 log("Click the button when all the subframes have finished loading.");
  48             }
  49         }
  50
  51         function performTest() {
  52             try {
  53                 var innerInnerFrame = window.frames[0].frames[0];
  54                 if (innerInnerFrame.document.getElementById('accessMe')) {
  55                     innerInnerFrame.document.getElementById('accessMe').innerHTML = 'FAIL: Cross frame access to a data: URL 2 levels deep was allowed.';
  56                     log('FAIL: Cross frame access to a data: URL 2 levels deep was allowed.');
  57                     if (window.testRunner)
  58                         testRunner.notifyDone();
  59                     return;
  60                 }
  61             } catch (e) {
  62             }
  63
  64             log('PASS: Cross frame access to a data: URL 2 levels deep was denied.');
  65             if (window.testRunner)
  66                 testRunner.notifyDone();
  67         }
  68
  69     </script>
  70 </head>
  71 <body onload="loaded();">
  72     <p>This tests that the main frame doesn't have access to a data: URL loaded in an iframe inside another data: URL loaded iframe.</p>
  73     <button onclick="performTest()">Test</button>
  74     <iframe id="aFrame" name="aFrame" style="width: 500px; height: 300px;"></iframe>
  75     <pre id='console'></pre>
  76 </body>
  77 </html>