src/third_party/WebKit/LayoutTests/http/tests/security/javascriptURL/xss-ALLOWED-to-javascript-url-sub-frame-2-level.html

   1 <html>
   2 <head>
   3     <script src="../resources/cross-frame-access.js"></script>
   4     <script>
   5         window.onload = function()
   6         {
   7             if (window.testRunner) {
   8                 testRunner.dumpAsText();
   9                 testRunner.dumpChildFramesAsText();
  10                 testRunner.waitUntilDone();
  11             }
  12
  13             var innerURL = 'javascript:\\\"<html>'
  14                 + "<head>"
  15                 +     "<scr" + "ipt>"
  16                 +         "window.onload = function()"
  17                 +         "{"
  18                 +             'window.top.postMessage(\\\\\\"run test\\\\\\", \\\\\\"*\\\\\\");'
  19                 +         "}"
  20                 +     "</scr" + "ipt>"
  21                 + "</head>"
  22                 + "<body>"
  23                 +     '<p id=\\\\\\"accessMe\\\\\\">FAIL: Cross frame access to a javascript: URL 2 levels deep was denied.</p>'
  24                 +     "<p>Inner-inner iframe.</p>"
  25                 + "</body>"
  26                 + '</html>\\\"';
  27
  28             var url = "javascript:\"<html>"
  29                 + "<body>"
  30                 +     "<iframe src='" + innerURL + "'></iframe>"
  31                 +     "<p>Inner iframe.</p>"
  32                 + "</body>"
  33                 + "</html>\"";
  34
  35             var iframe = document.getElementById("aFrame");
  36             iframe.src = url;
  37
  38             window.addEventListener('message', function ()
  39             {
  40                 runTest();
  41                 if (window.testRunner)
  42                     testRunner.notifyDone();
  43             });
  44         }
  45
  46         runTest = function()
  47         {
  48             try {
  49                 window[0][0].document.getElementById('accessMe').innerHTML = 'PASS: Cross frame access to a javascript: URL 2 levels deep was allowed!';
  50                 log('PASS: Cross frame access to a javascript: URL 2 levels deep was allowed!');
  51             } catch (e) {
  52                 log('FAIL: Cross frame access to a javascript: URL 2 levels deep was denied.');
  53             }
  54         }
  55     </script>
  56 </head>
  57 <body>
  58     <p>This tests that the main frame has access to a javascript: URL loaded in an iframe inside another javascript: URL loaded iframe.</p>
  59     <iframe id="aFrame" name="aFrame" style="width: 500px; height: 300px;"></iframe>
  60     <pre id='console'></pre>
  61 </body>
  62 </html>