chrome/test/data/extensions/api_test/webstore_private/noframe2.html

   1 <!DOCTYPE html>
   2 <body onload="dropFrame()">
   3 This represents not an extension, but an HTML page within an untrusted
   4 origin (127.0.0.1).
   5 <script>
   6 var interval_id = -1;
   7 var check_count = 0;
   8 function dropFrame() {
   9   var s = location.href.toString();
  10   if (s.indexOf('127.0.0.1') > 0) {
  11     // try to frame a copy of an error page from the webstore origin, but
  12     // not under the webstore root directory.  The server does not send
  13     // an x-frame-options header for the error page.
  14     var f = document.createElement('iframe');
  15     s = s.replace('127.0.0.1', 'www.example.com');
  16     s = s.replace('/files/', '/nonesuch/');
  17     f.src = s;
  18     f.onload = checkFrame;
  19     f.onerror = checkFrame;
  20     document.body.appendChild(f);
  21     // Due to https://bugs.webkit.org/show_bug.cgi?id=90660 neither onload
  22     // or onerror fires when interrupted by XFO, so use a setInterval()
  23     // workaround. Remove this workaround when resolved.
  24     interval_id = setInterval("checkFrame()", 500);
  25   }
  26 }
  27
  28 function checkFrame() {
  29   try {
  30     // If the frame was blocked, we instead have an about:blank frame which we
  31     // can access.
  32     x = window.frames[0].document.location.href;
  33     document.title = 'PASS: ' + x;
  34     clearInterval(interval_id);
  35   }
  36   catch (e) {
  37     // Frame was not yet blocked, so we have no access.
  38     if (++check_count > 40) {
  39       document.title = 'FAIL';
  40       clearInterval(interval_id);
  41     }
  42   }
  43 }
  44 </script>
  45 </html>