[platform/framework/web/crosswalk.git] / src / third_party / WebKit / LayoutTests / http / tests / security / javascriptURL / xss-DENIED-to-javascript-url-in-foreign-domain-window-open.html

<html>
<head>
    <script src="../resources/cross-frame-access.js"></script>
    <script>
        var openedWindow;

        window.onload = function()
        {
            if (window.testRunner) {
                testRunner.dumpAsText();
                testRunner.setCanOpenWindows();
                testRunner.waitUntilDone();
            }

            openedWindow = window.open("http://localhost:8000/security/javascriptURL/resources/foreign-domain-javascript-url-accessee-opened-frame.html");

            if (window.testRunner) {
                setTimeout(pollForTest, 1);
            } else {
                log("To run the test, click the button below when the opened window finishes loading.");
                var button = document.createElement("button");
                button.appendChild(document.createTextNode("Run Test"));
                button.onclick = runTest;
                document.body.appendChild(button);
            }
        }

        pollForTest = function()
        {
            if (!testRunner.globalFlag) {
                setTimeout(pollForTest, 1);
                return;
            }
            runTest();
            closeWindowAndNotifyDone(openedWindow);
        }

        runTest = function()
        {
            try {
                openedWindow[0].document.getElementById('accessMe').innerHTML = "FAIL: Cross frame access to a javascript: URL embed in a frame window.open'ed on foreign domain allowed.";
                log("FAIL: Cross frame access to a javascript: URL embed in a frame window.open'ed on foreign domain allowed.");
                return;
            } catch (e) {
            }
            log("PASS: Cross frame access to a javascript: URL embed in a frame window.open'ed on foreign domain denied!");
        }
    </script>
</head>
<body>
    <pre id="console"></pre>
</body>
</html>