src/third_party/WebKit/LayoutTests/http/tests/security/dataURL/xss-DENIED-from-data-url-sub-frame-to-data-url-sub-frame.html

   1 <html>
   2 <head>
   3     <script src="../resources/cross-frame-access.js"></script>
   4     <script>
   5         var subFramesLoaded = 0;
   6         if (window.testRunner) {
   7             testRunner.dumpAsText();
   8             testRunner.dumpChildFramesAsText();
   9             testRunner.waitUntilDone();
  10         }
  11
  12         function startTestWhenReady() {
  13             if (++subFramesLoaded == 2)
  14                 document.getElementById('secondSubFrame').contentWindow.postMessage('perform test', '*');
  15         }
  16
  17         function loaded() {
  18             var firstURL = "data:text/html,<html>"
  19                 + "<body>"
  20                 +     "<p>Inner iframe.</p>"
  21                 +     "<p id='accessMe'>Pass: Cross frame access from a sibling data: URL was denied.</p>"
  22                 + "</body>"
  23                 + "</html>";
  24
  25             var iframe = document.getElementById("firstSubFrame");
  26             iframe.onload = startTestWhenReady;
  27             iframe.src = firstURL;
  28
  29             var secondURL = "data:text/html,<html>"
  30                 + "<head>"
  31                 +     "<scr" + "ipt>"
  32                 +         "function loaded() {"
  33                 +             "window.addEventListener('message', performTest);"
  34                 +         "}"
  35                 +         "function performTest() {"
  36                 +             "try {"
  37                 +                 "parent.frames['firstSubFrame'].document.getElementById('accessMe').innerHTML = 'FAIL: Cross frame access from a sibling data: URL was allowed.';"
  38                 +             "} catch (e) {"
  39                 +             "}"
  40                 +             "if (window.testRunner)"
  41                 +                 "testRunner.notifyDone();"
  42                 +         "}"
  43                 +     "</scr" + "ipt>"
  44                 + "</head>"
  45                 + "<body onload=\"loaded();\">"
  46                 +     "<p>Inner iframe.</p>"
  47                 +     "<pre id='console'></pre>"
  48                 + "</body>"
  49                 + "</html>";
  50
  51             iframe = document.getElementById("secondSubFrame");
  52             iframe.onload = startTestWhenReady;
  53             iframe.src = secondURL;
  54         }
  55     </script>
  56 </head>
  57 <body onload="loaded();">
  58     <p>This tests that a data: URL subframe can't access a sibling data: URL subframe.</p>
  59     <iframe id="firstSubFrame" name="firstSubFrame"></iframe>
  60     <iframe id="secondSubFrame" name="secondSubFrame"></iframe>
  61 </body>
  62 </html>