third_party/WebKit/LayoutTests/http/tests/security/xss-DENIED-synchronous-frame-load-in-javascript-url.html

   1 <html>
   2 <head>
   3 <script>
   4 if (window.testRunner) {
   5         testRunner.dumpAsText();
   6         testRunner.waitUntilDone();
   7         testRunner.setCanOpenWindows();
   8         testRunner.setCloseRemainingWindowsWhenComplete(true);
   9 }
  10
  11 window.onload = function()
  12 {
  13         victim = document.body.appendChild(document.createElement("iframe"));
  14         wnd = victim.contentWindow.open();
  15         victim.src = "http://localhost:8080/security/resources/innocent-victim.html";
  16         victim.onload = function() {
  17                 victim.onload = null;
  18
  19                 wnd.eval("(" + function() {
  20                         location = "javascript:(" + function() {
  21                                 a = document.createElement("a");
  22                                 a.href = "about:blank";
  23                                 e = document.createEvent("MouseEvent");
  24                                 e.initMouseEvent("click");
  25                                 a.dispatchEvent(e);
  26
  27                                 return "<script>(" + function() {
  28                                         opener.location = "javascript:alert(document.body.innerHTML)";
  29
  30                                         if (window.testRunner)
  31                                                 setTimeout("testRunner.notifyDone()", 0);
  32                                 } + ")()<\/script>";
  33                         } + ")()";
  34                 } + ")()");
  35         }
  36 }
  37 </script>
  38 </head>
  39 <body>
  40 This test passes if there's no alert dialog.
  41 </body>
  42 </html>