search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge Chromium + Blink git repositories
[chromium-blink-merge.git] / third_party / WebKit / LayoutTests / http / tests / security / xss-DENIED-defineProperty.html
blob5f1bbabcab0c15f2c4d3eadadc5bb2aaf18a2f30
1 <script>
2 if (window.testRunner) {
3 testRunner.dumpAsText();
4 testRunner.waitUntilDone();
5 }
6 var o = Object;
7 function finish()
8 {
9 if (Object.getOwnPropertyDescriptor(this, "Object").value === o)
10 document.getElementById("console").innerHTML += "PASS: cross-site assignment of Object constructor not allowed<br/>";
11 else
12 document.getElementById("console").innerHTML += "FAIL: cross-site assignment of Object constructor was allowed!<br/>";
13
14 if (Object.getOwnPropertyDescriptor(this, "newProperty") === undefined)
15 document.getElementById("console").innerHTML += "PASS: cross-site assignment of new property not allowed<br/>";
16 else
17 document.getElementById("console").innerHTML += "FAIL: cross-site assignment of new property was allowed!<br/>";
18
19 if (location.hash.length == 0)
20 document.getElementById("console").innerHTML += "PASS: cross-site assignment of location.hash not allowed<br/>";
21 else
22 document.getElementById("console").innerHTML += "FAIL: cross-site assignment of location.hash was allowed!<br/>";
23
24 if (location.search.length == 0)
25 document.getElementById("console").innerHTML += "PASS: cross-site assignment of location.search not allowed<br/>";
26 else
27 document.getElementById("console").innerHTML += "FAIL: cross-site assignment of location.search was allowed!<br/>";
28
29 if (!("newProperty" in location))
30 document.getElementById("console").innerHTML += "PASS: cross-site assignment of location.newProperty not allowed<br/>";
31 else
32 document.getElementById("console").innerHTML += "FAIL: cross-site assignment of location.newProperty was allowed!<br/>";
33
34 if (location.reload != "hax0red")
35 document.getElementById("console").innerHTML += "PASS: cross-site assignment of location.reload not allowed<br/>";
36 else
37 document.getElementById("console").innerHTML += "FAIL: cross-site assignment of location.reload was allowed!<br/>";
38
39 if (window.testRunner)
40 testRunner.notifyDone();
41 }
42 </script>
43
44 <body onload="finish()">
45 <iframe width=70% height=300 src="http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html"></iframe>
46 <div id="console"></div>
47 </body>
48 </html>