WebCore:
[WebKit-https.git] / LayoutTests / http / tests / security / xss-DENIED-invalid-domain-change.html
1 <html>
2 <body>
3 <iframe name='aFrame' src='http://localhost:8000/security/resources/iframe-invalid-domain-change.html'></iframe>
4
5 <div id="console"></div>
6 </body>
7 <script>
8 if (window.layoutTestController) {
9     layoutTestController.dumpAsText();
10     layoutTestController.waitUntilDone();
11 }
12
13 try {
14   // change own domain to an invalid one
15   document.domain = 'apple.com';
16 } catch (e) {
17 }
18
19 window.onload = cross_frame_access;
20
21 function cross_frame_access() {
22   var aframe = window.frames[0];
23   try {
24     if (typeof aframe.document == 'undefined') throw 1;
25     document.getElementById("console").innerHTML = "FAIL: cross-site access allowed";
26   } catch (e) {
27     document.getElementById("console").innerHTML = "PASS: cross-site not access allowed";
28   }
29
30   if (window.layoutTestController)
31     layoutTestController.notifyDone();
32 }
33 </script>
34 </html>