third_party/WebKit/LayoutTests/fast/xmlhttprequest/resources/xmlhttprequest-no-file-access-real.html

   1 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
   2                       "http://www.w3.org/TR/html4/loose.dtd">
   3 <html>
   4 <head>
   5     <script>
   6         function log(message)
   7         {
   8             var console = document.getElementById('console');
   9             console.appendChild(document.createTextNode(message));
  10             console.appendChild(document.createElement('br'));
  11         }
  12
  13         function testXHRDenied()
  14         {
  15             log("Checking that same-origin iframes work.");
  16             var f = document.getElementById("f");
  17             f.contentDocument.body.innerHTML = "Successful write into iframe";
  18             log("Doing an XHR to an existing file.");
  19             xhr = new XMLHttpRequest();
  20
  21             try {
  22                 xhr.open("GET", "../xmlhttprequest-no-file-access-expected.txt", false);
  23                 xhr.send("");
  24                 log("Bad: XHR didn't throw exception");
  25             } catch(e) {
  26                 log("Exception: " + e.message);
  27                 try {
  28                     var results = window.top.document.getElementById('results');
  29                     log("Bad: DOM access didn't throw exception");
  30                 } catch (e) {
  31                     log("Exception: " + e.message);
  32                     if (window.testRunner) {
  33                         setTimeout("testRunner.notifyDone()", 0);
  34                     }
  35                 }
  36             }
  37         }
  38         </script>
  39     </head>
  40     <body onload="testXHRDenied()">
  41     <iframe id="f"></iframe>
  42         <p> We're checking we can't read an arbitrary file when we set each file:// URI to have a unique domain. </p>
  43         <div id="console"/>
  44     </body>
  45 </html>