WebKit should prevent push/replace state with username in URL.
[WebKit-https.git] / LayoutTests / http / tests / security / history-username-password.html
1 <script>
// Harness setup, skipped when the page is opened by hand in a browser:
// dump the result as plain text, allow window.open() (clicked() needs it),
// and keep the test alive until clicked() calls notifyDone().
if (window.testRunner) {
    window.testRunner.dumpAsText();
    window.testRunner.setCanOpenWindows();
    window.testRunner.waitUntilDone();
}
7
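// Appends one result line to the #logger element, whose text is what
// dumpAsText() captures.
//
// msg is either a fixed string or a caught exception. It is converted with
// String() and added as a text node followed by a <br>, so an exception
// message the test does not control is shown literally instead of being
// parsed as markup, and earlier log lines are not re-parsed on every call
// (both of which "innerHTML +=" would do).
function log(msg)
{
    var logger = document.getElementById("logger");
    logger.appendChild(document.createTextNode(String(msg)));
    logger.appendChild(document.createElement("br"));
}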
12
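// Checks that replaceState() and pushState() on historyToTest refuse URLs
// that carry userinfo (the "user:password@" part in front of the host).
//
// Every URL is built from the page's own protocol and host, so the userinfo
// is the only difference from the current location. A URL such as
// "http://www.webkit.org@<this host>" still points at this host, but shows
// a trusted-looking name before the "@", which is why accepting it would be
// a spoofing aid (hence "Phishy Title").
//
// For each attempt exactly one line is logged: the caught exception when the
// call is rejected (the expected outcome), or a "... worked, shouldn't have."
// line when the call is accepted.
//
// historyToTest: a History object, either window.history or the history of
// a window opened by this page.
function testHistoryObject(historyToTest)
{
    // Text placed before "@", and the wording used in the failure line.
    var credentialCases = [
        { userinfo: "www.webkit.org", label: "username" },
        { userinfo: ":www.webkit.org", label: "password" },
        { userinfo: "www.webkit:org", label: "username and password" }
    ];

    // All replaceState attempts run before the pushState ones; the logged
    // order is part of the expected output.
    var methodNames = ["replaceState", "pushState"];

    // Makes one call and logs its outcome. The URL is built inside the try
    // so that any exception raised while reading location is logged too.
    function attempt(methodName, credentialCase)
    {
        try {
            var url = location.protocol + "//" + credentialCase.userinfo + "@" + location.host;
            historyToTest[methodName](null, "Phishy Title", url);
            log(methodName + " with " + credentialCase.label + " worked, shouldn't have.");
        } catch(e) {
            log(e);
        }
    }

    for (var m = 0; m < methodNames.length; m++) {
        for (var c = 0; c < credentialCases.length; c++)
            attempt(methodNames[m], credentialCases[c]);
    }
}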
57
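// Click handler for #theButton: opens a blank window named "newWindow",
// runs the same userinfo checks against that window's history object, and
// then tells the harness the test is finished.
function clicked()
{
    // var keeps the handle local; a bare assignment would create an implicit
    // global (and throws in strict mode).
    var newWindow;
    try {
        newWindow = window.open('','newWindow');
        if (newWindow)
            testHistoryObject(newWindow.history);
        else
            // window.open() returns null when the window could not be opened.
            log("window.open() returned null; new-window history was not tested.");
    } finally {
        // Always release the harness, so a failure above is reported as a
        // failed test rather than as a timeout.
        if (window.testRunner)
            testRunner.notifyDone();
    }
}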
65
// onload handler: runs the userinfo checks against this window's own history
// object, then (under the test harness) clicks #theButton so that clicked()
// repeats them on a newly opened window.
function loaded()
{
    testHistoryObject(window.history);

    // Without eventSender the page is being run by hand; the button is then
    // clicked manually.
    if (!window.eventSender)
        return;

    // Synthesize a real mouse click 5px inside the button's top-left corner.
    // NOTE(review): presumably a real click is used because window.open()
    // needs a user gesture; confirm.
    var target = document.getElementById("theButton");
    var clickX = target.offsetLeft + 5;
    var clickY = target.offsetTop + 5;
    eventSender.mouseMoveTo(clickX, clickY);
    eventSender.mouseDown();
    eventSender.mouseUp();
}
77
78 </script>
79 <body onload="loaded();">
80 <button id="theButton" onclick="clicked();">Click to test in new window</button>
81 <div id="logger"></div>
82 </body>