search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge Chromium + Blink git repositories
[chromium-blink-merge.git] / third_party / WebKit / LayoutTests / http / tests / security / cross-frame-access-getOwnPropertyDescriptor.html
blobb101511cc579e0f7a1143a1b344cb58da4ab47d8
1 <html>
2 <head>
3 <script src="resources/cross-frame-access.js"></script>
4 <script>
5 var windowConstructorPropertiesNotAllowed = [
6 "Attr",
7 "Audio",
8 "CDATASection",
9 "CSSRule",
10 "CSSStyleDeclaration",
11 "CharacterData",
12 "Comment",
13 "DOMException",
14 "DOMImplementation",
15 "DOMParser",
16 "Document",
17 "DocumentFragment",
18 "DocumentType",
19 "Element",
20 "EntityReference",
21 "EvalError",
22 "Event",
23 "HTMLAnchorElement",
24 "HTMLAudioElement",
25 "HTMLAreaElement",
26 "HTMLBRElement",
27 "HTMLBaseElement",
28 "HTMLBodyElement",
29 "HTMLButtonElement",
30 "HTMLCanvasElement",
31 "HTMLDListElement",
32 "HTMLDirectoryElement",
33 "HTMLDivElement",
34 "HTMLDocument",
35 "HTMLElement",
36 "HTMLFieldSetElement",
37 "HTMLFontElement",
38 "HTMLFormElement",
39 "HTMLFrameElement",
40 "HTMLFrameSetElement",
41 "HTMLHRElement",
42 "HTMLHeadElement",
43 "HTMLHeadingElement",
44 "HTMLHtmlElement",
45 "HTMLIFrameElement",
46 "HTMLImageElement",
47 "HTMLInputElement",
48 "HTMLIsIndexElement",
49 "HTMLLIElement",
50 "HTMLLabelElement",
51 "HTMLLegendElement",
52 "HTMLLinkElement",
53 "HTMLMapElement",
54 "HTMLMarqueeElement",
55 "HTMLMediaElement",
56 "HTMLMenuElement",
57 "HTMLMetaElement",
58 "HTMLModElement",
59 "HTMLOListElement",
60 "HTMLOptGroupElement",
61 "HTMLOptionElement",
62 "HTMLParagraphElement",
63 "HTMLParamElement",
64 "HTMLPreElement",
65 "HTMLQuoteElement",
66 "HTMLScriptElement",
67 "HTMLSelectElement",
68 "HTMLSourceElement",
69 "HTMLStyleElement",
70 "HTMLTableCaptionElement",
71 "HTMLTableCellElement",
72 "HTMLTableColElement",
73 "HTMLTableElement",
74 "HTMLTableRowElement",
75 "HTMLTableSectionElement",
76 "HTMLTextAreaElement",
77 "HTMLTitleElement",
78 "HTMLUListElement",
79 "HTMLVideoElement",
80 "Image",
81 "MutationEvent",
82 "Node",
83 "NodeFilter",
84 "Option",
85 "ProcessingInstruction",
86 "Range",
87 "RangeError",
88 "ReferenceError",
89 "SyntaxError",
90 "Text",
91 "TypeError",
92 "URIError",
93 "XMLDocument",
94 "XMLHttpRequest",
95 "XMLSerializer",
96 "XPathEvaluator",
97 "XPathResult",
98 "XSLTProcessor"
99 ];
100
101 var windowFunctionPropertiesNotAllowed = [
102 "addEventListener",
103 "alert",
104 "atob",
105 "btoa",
106 "captureEvents",
107 "clearInterval",
108 "clearTimeout",
109 "confirm",
110 "find",
111 "getComputedStyle",
112 "getMatchedCSSRules",
113 "getSelection",
114 "moveBy",
115 "moveTo",
116 "open",
117 "print",
118 "prompt",
119 "releaseEvents",
120 "removeEventListener",
121 "resizeBy",
122 "resizeTo",
123 "scroll",
124 "scrollBy",
125 "scrollTo",
126 "setInterval",
127 "setTimeout",
128 "stop",
129 "blur",
130 "close",
131 "focus"
132 ];
133
134 var windowAttributesPropertiesNotAllowed = [
135 "clientInformation",
136 "console",
137 "crypto",
138 "defaultStatus",
139 "defaultstatus",
140 "devicePixelRatio",
141 "document",
142 "embeds",
143 "eval",
144 "event",
145 "frameElement",
146 "images",
147 "innerHeight",
148 "innerWidth",
149 "locationbar",
150 "menubar",
151 "name",
152 "navigator",
153 "offscreenBuffering",
154 "onabort",
155 "onbeforeunload",
156 "onblur",
157 "onchange",
158 "onclick",
159 "ondblclick",
160 "onerror",
161 "onfocus",
162 "onkeydown",
163 "onkeypress",
164 "onkeyup",
165 "onload",
166 "onmousedown",
167 "onmousemove",
168 "onmouseout",
169 "onmouseover",
170 "onmouseup",
171 "onmousewheel",
172 "onreset",
173 "onresize",
174 "onscroll",
175 "onsearch",
176 "onselect",
177 "onsubmit",
178 "onunload",
179 "outerHeight",
180 "outerWidth",
181 "pageXOffset",
182 "pageYOffset",
183 "personalbar",
184 "plugins",
185 "prototype",
186 "screen",
187 "screenLeft",
188 "screenTop",
189 "screenX",
190 "screenY",
191 "scrollX",
192 "scrollY",
193 "scrollbars",
194 "status",
195 "statusbar",
196 "toolbar",
197 "history",
198 ];
199
200 var windowAttributesPropertiesAllowed = [
201 "closed",
202 "frames",
203 "length",
204 "opener",
205 "parent",
206 "self",
207 "top",
208 "window"
209 ];
210
211 window.onload = function()
212 {
213 if (window.testRunner) {
214 testRunner.dumpAsText();
215 testRunner.waitUntilDone();
216 }
217
218 window.addEventListener('message', function()
219 {
220 runTest();
221 if (window.testRunner)
222 testRunner.notifyDone();
223 });
224 }
225
226 runTest = function()
227 {
228 window.targetWindow = frames[0];
229
230 log("\n----- tests for getting of not allowed properties -----\n");
231
232 log("\n----- tests for getting of not allowed Constructors -----\n");
233 for (var i = 0; i < windowConstructorPropertiesNotAllowed.length; i++) {
234 var property = windowConstructorPropertiesNotAllowed[i];
235 shouldBeFalse("canGetDescriptor(targetWindow, '" + property + "')");
236 }
237
238 log("\n----- tests for getting of not allowed Functions -----\n");
239 for (var i = 0; i < windowFunctionPropertiesNotAllowed.length; i++) {
240 var property = windowFunctionPropertiesNotAllowed[i];
241 shouldBeFalse("canGetDescriptor(targetWindow, '" + property + "')");
242 }
243
244 log("\n----- tests for getting of not allowed Attributes -----\n");
245 for (var i = 0; i < windowAttributesPropertiesNotAllowed.length; i++) {
246 var property = windowAttributesPropertiesNotAllowed[i];
247 if (property == "document")
248 log("Firefox allows access to 'document' but throws an exception when you access its properties.");
249 shouldBeFalse("canGetDescriptor(targetWindow, '" + property + "')");
250 }
251 for (var i = 0; i < windowAttributesPropertiesAllowed.length; i++) {
252 var property = windowAttributesPropertiesAllowed[i];
253 shouldBeTrue("canGetDescriptor(targetWindow, '" + property + "')");
254 }
255 log("----- tests access to cross domain location object -----");
256 window.targetLocation = targetWindow.location;
257 var locationProperties = [
258 "protocol", "host", "hostname", "port", "pathname", "search", "hash", "toString", "valueOf", "customProperty", "reload"
259 ];
260 for (var i = 0; i < locationProperties.length; i++)
261 shouldBeFalse("canGetDescriptor(targetLocation, '" + locationProperties[i] + "')");
262 var locationPropertiesAllowed = [
263 "assign", "replace"
264 ];
265 for (var i = 0; i < locationPropertiesAllowed.length; i++)
266 shouldBeTrue("canGetDescriptor(targetLocation, '" + locationPropertiesAllowed[i] + "')");
267
268 log("----- tests access to cross domain history object -----");
269 shouldThrowException("targetWindow.history");
270 }
271 </script>
272 </head>
273 <body>
274 <p>This test checks cross-frame access security of getOwnPropertyDescriptor (https://bugs.webkit.org/show_bug.cgi?id=32119).</p>
275 <iframe src="http://localhost:8000/security/resources/cross-frame-iframe-for-get-test.html" style=""></iframe>
276 <pre id="console"></pre>
277 </body>
278 </html>