search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge Chromium + Blink git repositories
[chromium-blink-merge.git] / third_party / WebKit / LayoutTests / http / tests / security / cross-frame-access-put.html
blob835baa87bb74506bd4e4a2705f435350b272be63
1
2 <p>This test checks cross-frame access security of window attribute setters (rdar://problem/5326791).</p>
3 <iframe src="http://localhost:8000/security/resources/cross-frame-iframe-for-put-test.html" style=""></iframe>
4 <pre id="console"></pre>
5 <script>
6 function log(s)
7 {
8 document.getElementById("console").appendChild(document.createTextNode(s + "\n"));
9 }
10
11 function setForbiddenProperty(obj, prop)
12 {
13 try {
14 obj[prop] = "FAIL!! CUSTOM " + prop;
15 } catch (ex) {
16 log("PASS: Unable to set property " + prop + ": " + ex);
17 }
18 }
19
20 window.targetWindow = window.frames[0];
21
22 window.onload = function()
23 {
24 if (window.testRunner) {
25 testRunner.dumpAsText();
26 testRunner.waitUntilDone();
27 }
28
29 // FIXME: This test should use fast/window/resources/window-properties.js instead of a custom list.
30 // Constructors
31 setForbiddenProperty(targetWindow, "Attr");
32 setForbiddenProperty(targetWindow, "CDATASection");
33 setForbiddenProperty(targetWindow, "CharacterData");
34 setForbiddenProperty(targetWindow, "Comment");
35 setForbiddenProperty(targetWindow, "CSSRule");
36 setForbiddenProperty(targetWindow, "CSSStyleDeclaration");
37 setForbiddenProperty(targetWindow, "Document");
38 setForbiddenProperty(targetWindow, "DocumentFragment");
39 setForbiddenProperty(targetWindow, "DocumentType");
40 setForbiddenProperty(targetWindow, "DOMException");
41 setForbiddenProperty(targetWindow, "DOMImplementation");
42 setForbiddenProperty(targetWindow, "DOMParser");
43 setForbiddenProperty(targetWindow, "Element");
44 setForbiddenProperty(targetWindow, "EvalError");
45 setForbiddenProperty(targetWindow, "Event");
46 setForbiddenProperty(targetWindow, "HTMLAnchorElement");
47 setForbiddenProperty(targetWindow, "HTMLAreaElement");
48 setForbiddenProperty(targetWindow, "HTMLBaseElement");
49 setForbiddenProperty(targetWindow, "HTMLBodyElement");
50 setForbiddenProperty(targetWindow, "HTMLBRElement");
51 setForbiddenProperty(targetWindow, "HTMLButtonElement");
52 setForbiddenProperty(targetWindow, "HTMLCanvasElement");
53 setForbiddenProperty(targetWindow, "HTMLDirectoryElement");
54 setForbiddenProperty(targetWindow, "HTMLDivElement");
55 setForbiddenProperty(targetWindow, "HTMLDListElement");
56 setForbiddenProperty(targetWindow, "HTMLDocument");
57 setForbiddenProperty(targetWindow, "HTMLElement");
58 setForbiddenProperty(targetWindow, "HTMLFieldSetElement");
59 setForbiddenProperty(targetWindow, "HTMLFontElement");
60 setForbiddenProperty(targetWindow, "HTMLFormElement");
61 setForbiddenProperty(targetWindow, "HTMLFrameElement");
62 setForbiddenProperty(targetWindow, "HTMLFrameSetElement");
63 setForbiddenProperty(targetWindow, "HTMLHeadElement");
64 setForbiddenProperty(targetWindow, "HTMLHeadingElement");
65 setForbiddenProperty(targetWindow, "HTMLHRElement");
66 setForbiddenProperty(targetWindow, "HTMLHtmlElement");
67 setForbiddenProperty(targetWindow, "HTMLIFrameElement");
68 setForbiddenProperty(targetWindow, "HTMLImageElement");
69 setForbiddenProperty(targetWindow, "HTMLInputElement");
70 setForbiddenProperty(targetWindow, "HTMLLabelElement");
71 setForbiddenProperty(targetWindow, "HTMLLegendElement");
72 setForbiddenProperty(targetWindow, "HTMLLIElement");
73 setForbiddenProperty(targetWindow, "HTMLLinkElement");
74 setForbiddenProperty(targetWindow, "HTMLMapElement");
75 setForbiddenProperty(targetWindow, "HTMLMarqueeElement");
76 setForbiddenProperty(targetWindow, "HTMLMenuElement");
77 setForbiddenProperty(targetWindow, "HTMLMetaElement");
78 setForbiddenProperty(targetWindow, "HTMLModElement");
79 setForbiddenProperty(targetWindow, "HTMLOListElement");
80 setForbiddenProperty(targetWindow, "HTMLOptGroupElement");
81 setForbiddenProperty(targetWindow, "HTMLOptionElement");
82 setForbiddenProperty(targetWindow, "HTMLParagraphElement");
83 setForbiddenProperty(targetWindow, "HTMLParamElement");
84 setForbiddenProperty(targetWindow, "HTMLPreElement");
85 setForbiddenProperty(targetWindow, "HTMLQuoteElement");
86 setForbiddenProperty(targetWindow, "HTMLScriptElement");
87 setForbiddenProperty(targetWindow, "HTMLSelectElement");
88 setForbiddenProperty(targetWindow, "HTMLStyleElement");
89 setForbiddenProperty(targetWindow, "HTMLTableCaptionElement");
90 setForbiddenProperty(targetWindow, "HTMLTableCellElement");
91 setForbiddenProperty(targetWindow, "HTMLTableColElement");
92 setForbiddenProperty(targetWindow, "HTMLTableElement");
93 setForbiddenProperty(targetWindow, "HTMLTableRowElement");
94 setForbiddenProperty(targetWindow, "HTMLTableSectionElement");
95 setForbiddenProperty(targetWindow, "HTMLTextAreaElement");
96 setForbiddenProperty(targetWindow, "HTMLTitleElement");
97 setForbiddenProperty(targetWindow, "HTMLUListElement");
98 setForbiddenProperty(targetWindow, "MutationEvent");
99 setForbiddenProperty(targetWindow, "Node");
100 setForbiddenProperty(targetWindow, "NodeFilter");
101 setForbiddenProperty(targetWindow, "ProcessingInstruction");
102 setForbiddenProperty(targetWindow, "Range");
103 setForbiddenProperty(targetWindow, "RangeError");
104 setForbiddenProperty(targetWindow, "ReferenceError");
105 setForbiddenProperty(targetWindow, "SyntaxError");
106 setForbiddenProperty(targetWindow, "Text");
107 setForbiddenProperty(targetWindow, "TypeError");
108 setForbiddenProperty(targetWindow, "URIError");
109 setForbiddenProperty(targetWindow, "XMLDocument");
110 setForbiddenProperty(targetWindow, "XMLSerializer");
111 setForbiddenProperty(targetWindow, "XPathEvaluator");
112 setForbiddenProperty(targetWindow, "XPathResult");
113
114 // FIXME: find a way to test these Constructors
115 // setForbiddenProperty(targetWindow, "Image");
116 // setForbiddenProperty(targetWindow, "Option");
117 // setForbiddenProperty(targetWindow, "XMLHttpRequest");
118 // setForbiddenProperty(targetWindow, "XSLTProcessor");
119
120 // Attributes
121 setForbiddenProperty(targetWindow, "clientInformation");
122 setForbiddenProperty(targetWindow, "closed");
123 setForbiddenProperty(targetWindow, "console");
124 setForbiddenProperty(targetWindow, "crypto");
125 setForbiddenProperty(targetWindow, "defaultStatus");
126 setForbiddenProperty(targetWindow, "defaultstatus");
127 setForbiddenProperty(targetWindow, "devicePixelRatio");
128 setForbiddenProperty(targetWindow, "document");
129 setForbiddenProperty(targetWindow, "embeds");
130 setForbiddenProperty(targetWindow, "event");
131 setForbiddenProperty(targetWindow, "frameElement");
132 setForbiddenProperty(targetWindow, "frames");
133 setForbiddenProperty(targetWindow, "history");
134 setForbiddenProperty(targetWindow, "images");
135 setForbiddenProperty(targetWindow, "innerHeight");
136 setForbiddenProperty(targetWindow, "innerWidth");
137 setForbiddenProperty(targetWindow, "length");
138 setForbiddenProperty(targetWindow, "locationbar");
139 setForbiddenProperty(targetWindow, "menubar");
140 setForbiddenProperty(targetWindow, "name");
141 setForbiddenProperty(targetWindow, "navigator");
142 setForbiddenProperty(targetWindow, "offscreenBuffering");
143 setForbiddenProperty(targetWindow, "onabort");
144 setForbiddenProperty(targetWindow, "onbeforeunload");
145 setForbiddenProperty(targetWindow, "onblur");
146 setForbiddenProperty(targetWindow, "onchange");
147 setForbiddenProperty(targetWindow, "onclick");
148 setForbiddenProperty(targetWindow, "ondblclick");
149 setForbiddenProperty(targetWindow, "onerror");
150 setForbiddenProperty(targetWindow, "onfocus");
151 setForbiddenProperty(targetWindow, "onkeydown");
152 setForbiddenProperty(targetWindow, "onkeypress");
153 setForbiddenProperty(targetWindow, "onkeyup");
154 setForbiddenProperty(targetWindow, "onload");
155 setForbiddenProperty(targetWindow, "onmousedown");
156 setForbiddenProperty(targetWindow, "onmousemove");
157 setForbiddenProperty(targetWindow, "onmouseout");
158 setForbiddenProperty(targetWindow, "onmouseover");
159 setForbiddenProperty(targetWindow, "onmouseup");
160 setForbiddenProperty(targetWindow, "onmousewheel");
161 setForbiddenProperty(targetWindow, "onreset");
162 setForbiddenProperty(targetWindow, "onresize");
163 setForbiddenProperty(targetWindow, "onscroll");
164 setForbiddenProperty(targetWindow, "onsearch");
165 setForbiddenProperty(targetWindow, "onselect");
166 setForbiddenProperty(targetWindow, "onsubmit");
167 setForbiddenProperty(targetWindow, "onunload");
168 setForbiddenProperty(targetWindow, "opener");
169 setForbiddenProperty(targetWindow, "outerHeight");
170 setForbiddenProperty(targetWindow, "outerWidth");
171 setForbiddenProperty(targetWindow, "pageXOffset");
172 setForbiddenProperty(targetWindow, "pageYOffset");
173 setForbiddenProperty(targetWindow, "personalbar");
174 setForbiddenProperty(targetWindow, "plugins");
175 setForbiddenProperty(targetWindow, "screen");
176 setForbiddenProperty(targetWindow, "screenLeft");
177 setForbiddenProperty(targetWindow, "screenTop");
178 setForbiddenProperty(targetWindow, "screenX");
179 setForbiddenProperty(targetWindow, "screenY");
180 setForbiddenProperty(targetWindow, "scrollbars");
181 setForbiddenProperty(targetWindow, "scrollX");
182 setForbiddenProperty(targetWindow, "scrollY");
183 setForbiddenProperty(targetWindow, "self");
184 setForbiddenProperty(targetWindow, "status");
185 setForbiddenProperty(targetWindow, "statusbar");
186 setForbiddenProperty(targetWindow, "toolbar");
187 setForbiddenProperty(targetWindow, "window");
188 setForbiddenProperty(targetWindow, "parent");
189
190 // Functions
191 setForbiddenProperty(targetWindow, "addEventListener");
192 setForbiddenProperty(targetWindow, "alert");
193 setForbiddenProperty(targetWindow, "atob");
194 setForbiddenProperty(targetWindow, "blur");
195 setForbiddenProperty(targetWindow, "btoa");
196 setForbiddenProperty(targetWindow, "captureEvents");
197 setForbiddenProperty(targetWindow, "clearInterval");
198 setForbiddenProperty(targetWindow, "clearTimeout");
199 setForbiddenProperty(targetWindow, "close");
200 setForbiddenProperty(targetWindow, "confirm");
201 setForbiddenProperty(targetWindow, "constructor");
202 setForbiddenProperty(targetWindow, "eval");
203 setForbiddenProperty(targetWindow, "find");
204 setForbiddenProperty(targetWindow, "focus");
205 setForbiddenProperty(targetWindow, "getComputedStyle");
206 setForbiddenProperty(targetWindow, "getMatchedCSSRules");
207 setForbiddenProperty(targetWindow, "getSelection");
208 setForbiddenProperty(targetWindow, "moveBy");
209 setForbiddenProperty(targetWindow, "moveTo");
210 setForbiddenProperty(targetWindow, "open");
211 setForbiddenProperty(targetWindow, "print");
212 setForbiddenProperty(targetWindow, "prompt");
213 setForbiddenProperty(targetWindow, "releaseEvents");
214 setForbiddenProperty(targetWindow, "removeEventListener");
215 setForbiddenProperty(targetWindow, "resizeBy");
216 setForbiddenProperty(targetWindow, "resizeTo");
217 setForbiddenProperty(targetWindow, "scroll");
218 setForbiddenProperty(targetWindow, "scrollBy");
219 setForbiddenProperty(targetWindow, "scrollTo");
220 setForbiddenProperty(targetWindow, "setInterval");
221 setForbiddenProperty(targetWindow, "setTimeout");
222 setForbiddenProperty(targetWindow, "stop");
223
224 setTimeout(function() {
225 // log(targetWindow.focus.__proto__);
226 log("MAIN WINDOW: !!-- Test ended--!!");
227
228 window.stop();
229
230 if (window.testRunner)
231 testRunner.notifyDone();
232 }, 1);
233 }
234 </script>