src/third_party/WebKit/LayoutTests/http/tests/security/javascriptURL/xss-ALLOWED-to-javascript-url-window-open.html

   1 <html>
   2 <head>
   3     <script src="../resources/cross-frame-access.js"></script>
   4     <script>
   5         var openedWindow;
   6
   7         window.onload = function()
   8         {
   9             if (window.testRunner) {
  10                 testRunner.dumpAsText();
  11                 testRunner.waitUntilDone();
  12                 testRunner.setCanOpenWindows();
  13             }
  14
  15             var url = "javascript:\"<html><head><scr" + "ipt>window.onload = function() { window.opener.postMessage('run test', '*'); }</scr" + "ipt></head><body><p>Opened Frame</p><p id='accessMe'>FAIL</p></body></html>\"";
  16             openedWindow = window.open(url);
  17
  18             window.addEventListener('message', function ()
  19             {
  20                 runTest();
  21                 closeWindowAndNotifyDone(openedWindow);
  22             });
  23         }
  24
  25         runTest = function()
  26         {
  27             try {
  28                 openedWindow.document.getElementById('accessMe').innerHTML = "PASS: Access to a window opened with a javascript: URL was allowed!";
  29                 log("PASS: Access to a window opened with a javascript: URL was allowed!");
  30             } catch (e) {
  31                 log("FAIL: Access to a window opened with a javascript: URL was denied.");
  32             }
  33         }
  34     </script>
  35 </head>
  36 <body>
  37     <p>Opener Frame</p>
  38     <pre id="console"></pre>
  39 </body>
  40 </html>