+2007-07-16 Sam Weinig <sam@webkit.org>
+
+ Reviewed by Kevin McCullough.
+
+ Breakup http/tests/security/cross-frame-access.html into multiple tests to
+ make it easier to identify flaws should they arise.
+
+ - Also factors out JS into a separate file.
+
+ * http/tests/security/cross-frame-access-custom-expected.txt: Added.
+ * http/tests/security/cross-frame-access-custom.html: Added.
+ * http/tests/security/cross-frame-access-expected.txt:
+ * http/tests/security/cross-frame-access-frames-expected.txt: Added.
+ * http/tests/security/cross-frame-access-frames.html: Added.
+ * http/tests/security/cross-frame-access-history-expected.txt: Added.
+ * http/tests/security/cross-frame-access-history.html: Added.
+ * http/tests/security/cross-frame-access-location-expected.txt: Added.
+ * http/tests/security/cross-frame-access-location.html: Added.
+ * http/tests/security/cross-frame-access-name-getter-expected.txt: Added.
+ * http/tests/security/cross-frame-access-name-getter.html: Added.
+ * http/tests/security/cross-frame-access.html:
+ * http/tests/security/resources/cross-frame-access.js: Added.
+
2007-07-16 Anders Carlsson <andersca@apple.com>
Remove basic-auth.html, it no longer hangs on Leopard.
--- /dev/null
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-custom.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-custom.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-custom.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-custom.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-custom.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-custom.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-custom.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-custom.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-custom.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-custom.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-custom.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-custom.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-custom.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-custom.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-custom.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-custom.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-custom.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-custom.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-custom.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-custom.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-custom.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-custom.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-custom.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-custom.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-custom.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-custom.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-custom.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-custom.html. Domains, protocols and ports must match.
+
+
+
+----- tests for getting/setting interesting properties -----
+
+PASS: canGet('targetWindow.Object') should be 'false' and is.
+PASS: canSet('targetWindow.Object') should be 'false' and is.
+PASS: canGet('targetWindow.existingCustomProperty') should be 'false' and is.
+PASS: canSet('targetWindow.existingCustomProperty') should be 'false' and is.
+PASS: canSet('targetWindow.newCustomProperty') should be 'false' and is.
+PASS: canGet('targetWindow.hasOwnProperty') should be 'false' and is.
+PASS: canSet('targetWindow.hasOwnProperty') should be 'false' and is.
+PASS: canGet('targetWindow.prototypeCustomProperty') should be 'false' and is.
+PASS: canSet('targetWindow.prototypeCustomProperty') should be 'false' and is.
+PASS: canGet('targetWindow.toString') should be 'false' and is.
+PASS: canSet('targetWindow.toString') should be 'false' and is.
+FIXME: Firefox allows converting a window to string -- maybe WebKit should, too.
+PASS: toString('targetWindow', '') should be '' and is.
+
--- /dev/null
+<html>
+<head>
+ <script src="resources/cross-frame-access.js"></script>
+</head>
+<body>
+<iframe src="http://localhost:8000/security/resources/cross-frame-iframe.html" style=""></iframe>
+<pre id="console"></pre>
+<script>
+
+window.targetWindow = frames[0];
+
+window.onload = function()
+{
+ if (window.layoutTestController)
+ layoutTestController.dumpAsText();
+
+ log("\n----- tests for getting/setting interesting properties -----\n");
+
+ // built-in property
+ shouldBeFalse("canGet('targetWindow.Object')");
+ shouldBeFalse("canSet('targetWindow.Object')");
+
+ // pre-existing custom property
+ shouldBeFalse("canGet('targetWindow.existingCustomProperty')");
+ shouldBeFalse("canSet('targetWindow.existingCustomProperty')");
+
+ // new custom property
+ shouldBeFalse("canSet('targetWindow.newCustomProperty')");
+
+ // built-in prototype property
+ shouldBeFalse("canGet('targetWindow.hasOwnProperty')");
+ shouldBeFalse("canSet('targetWindow.hasOwnProperty')");
+
+ // custom prototype property
+ shouldBeFalse("canGet('targetWindow.prototypeCustomProperty')");
+ shouldBeFalse("canSet('targetWindow.prototypeCustomProperty')");
+
+ // window object itself
+ shouldBeFalse("canGet('targetWindow.toString')");
+ shouldBeFalse("canSet('targetWindow.toString')");
+ log("FIXME: Firefox allows converting a window to string -- maybe WebKit should, too.");
+ shouldBe("toString('targetWindow', '')", "''");
+
+ // Work around DRT bug that causes subsequent tests to fail.
+ window.stop();
+}
+</script>
+</body>
+</html>
CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access.html. Domains, protocols and ports must match.
-CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access.html. Domains, protocols and ports must match.
-
This test checks cross-frame access security (rdar://problem/5251309).
PASS: canGet('targetWindow.toolbar') should be 'false' and is.
PASS: canSet('targetWindow.toolbar') should be 'false' and is.
------ tests for getting/setting interesting properties -----
-
-PASS: canGet('targetWindow.Object') should be 'false' and is.
-PASS: canSet('targetWindow.Object') should be 'false' and is.
-PASS: canGet('targetWindow.existingCustomProperty') should be 'false' and is.
-PASS: canSet('targetWindow.existingCustomProperty') should be 'false' and is.
-PASS: canSet('targetWindow.newCustomProperty') should be 'false' and is.
-PASS: canGet('targetWindow.hasOwnProperty') should be 'false' and is.
-PASS: canSet('targetWindow.hasOwnProperty') should be 'false' and is.
-PASS: canGet('targetWindow.prototypeCustomProperty') should be 'false' and is.
-PASS: canSet('targetWindow.prototypeCustomProperty') should be 'false' and is.
-PASS: canGet('targetWindow.toString') should be 'false' and is.
-PASS: canSet('targetWindow.toString') should be 'false' and is.
-FIXME: Firefox allows converting a window to string -- maybe WebKit should, too.
-PASS: toString('targetWindow', '') should be '' and is.
-PASS: canGet('targetWindow.testiframe') should be 'true' and is.
-PASS: canGet('targetWindow.testimage') should be 'false' and is.
-PASS: targetWindow.frames.length should be '1' and is.
-PASS: canGet('targetWindow.frames[0]') should be 'true' and is.
-PASS: canGet('targetWindow[0]') should be 'true' and is.
-PASS: canGet('targetWindow.location') should be 'true' and is.
-PASS: toString('targetWindow.location', '') should be '' and is.
-Firefox allows access to 'location.toString' but throws an exception when you call it.
-PASS: canGet('targetWindow.location.toString') should be 'false' and is.
-PASS: canSet('targetWindow.location.toString') should be 'false' and is.
-PASS: canGet('targetWindow.location.href') should be 'false' and is.
-PASS: canGet('targetWindow.location.hash') should be 'false' and is.
-PASS: canGet('targetWindow.location.host') should be 'false' and is.
-PASS: canGet('targetWindow.location.hostname') should be 'false' and is.
-PASS: canGet('targetWindow.location.pathname') should be 'false' and is.
-PASS: canGet('targetWindow.location.port') should be 'false' and is.
-PASS: canGet('targetWindow.location.protocol') should be 'false' and is.
-PASS: canGet('targetWindow.location.search') should be 'false' and is.
-PASS: canSet('targetWindow.location') should be 'false' and is.
-PASS: canSet('targetWindow.location.href') should be 'false' and is.
-PASS: canSet('targetWindow.location.hash') should be 'false' and is.
-PASS: canSet('targetWindow.location.host') should be 'false' and is.
-PASS: canSet('targetWindow.location.hostname') should be 'false' and is.
-PASS: canSet('targetWindow.location.pathname') should be 'false' and is.
-PASS: canSet('targetWindow.location.port') should be 'false' and is.
-PASS: canSet('targetWindow.location.protocol') should be 'false' and is.
-PASS: canSet('targetWindow.location.search') should be 'false' and is.
-PASS: canGet('targetWindow.location.assign') should be 'true' and is.
-PASS: canGet('targetWindow.location.reload') should be 'true' and is.
-PASS: canGet('targetWindow.location.replace') should be 'true' and is.
-Firefox allows calling the 'location' functions exception, bizzarely, 'assign'
-PASS: canCall('targetWindow.location.assign', 'data:text/html,<p>in ur location object</p>') should be 'true' and is.
-PASS: canCall('targetWindow.location.reload') should be 'true' and is.
-PASS: canCall('targetWindow.location.replace', 'data:text/html,<p>in ur location object</p>') should be 'true' and is.
-Firefox prohibits getting 'history.length' but that seems unnecessarily strict since you're allowed to use the 'history' object.
-PASS: canGet('targetWindow.history.length') should be 'true' and is.
-PASS: canGet('targetWindow.history.back') should be 'true' and is.
-PASS: canGet('targetWindow.history.forward') should be 'true' and is.
-PASS: canGet('targetWindow.history.go') should be 'true' and is.
-PASS: canCall('targetWindow.history.back') should be 'true' and is.
-PASS: canCall('targetWindow.history.forward') should be 'true' and is.
-PASS: canCall('targetWindow.history.go', '-1') should be 'true' and is.
-PASS: canGet('targetWindow.history.toString') should be 'true' and is.
-PASS: toString('targetWindow.history') should be '[object History]' and is.
-
--- /dev/null
+
+
+----- tests for getting/setting the frames array access and the properties associated with it -----
+
+PASS: targetWindow.frames.length should be '1' and is.
+PASS: canGet('targetWindow.frames[0]') should be 'true' and is.
+PASS: canGet('targetWindow[0]') should be 'true' and is.
+
--- /dev/null
+<html>
+<head>
+ <script src="resources/cross-frame-access.js"></script>
+</head>
+<body>
+<iframe src="http://localhost:8000/security/resources/cross-frame-iframe.html" style=""></iframe>
+<pre id="console"></pre>
+<script>
+
+window.targetWindow = frames[0];
+
+window.onload = function()
+{
+ if (window.layoutTestController)
+ layoutTestController.dumpAsText();
+
+ log("\n----- tests for getting/setting the frames array access and the properties associated with it -----\n");
+
+ // frames array
+ shouldBe("targetWindow.frames.length", 1);
+ shouldBeTrue("canGet('targetWindow.frames[0]')");
+ shouldBeTrue("canGet('targetWindow[0]')");
+
+ // Work around DRT bug that causes subsequent tests to fail.
+ window.stop();
+}
+</script>
+</body>
+</html>
--- /dev/null
+
+
+----- tests for getting/setting window.history and its properties -----
+
+Firefox prohibits getting 'history.length' but that seems unnecessarily strict since you're allowed to use the 'history' object.
+PASS: canGet('targetWindow.history.length') should be 'true' and is.
+PASS: canGet('targetWindow.history.back') should be 'true' and is.
+PASS: canGet('targetWindow.history.forward') should be 'true' and is.
+PASS: canGet('targetWindow.history.go') should be 'true' and is.
+PASS: canCall('targetWindow.history.back') should be 'true' and is.
+PASS: canCall('targetWindow.history.forward') should be 'true' and is.
+PASS: canCall('targetWindow.history.go', '-1') should be 'true' and is.
+PASS: canGet('targetWindow.history.toString') should be 'true' and is.
+PASS: toString('targetWindow.history') should be '[object History]' and is.
+
--- /dev/null
+<html>
+<head>
+ <script src="resources/cross-frame-access.js"></script>
+</head>
+<body>
+<iframe src="http://localhost:8000/security/resources/cross-frame-iframe.html" style=""></iframe>
+<pre id="console"></pre>
+<script>
+
+window.targetWindow = frames[0];
+
+window.onload = function()
+{
+ if (window.layoutTestController)
+ layoutTestController.dumpAsText();
+
+ log("\n----- tests for getting/setting window.history and its properties -----\n");
+
+ // history object
+ log("Firefox prohibits getting 'history.length' but that seems unnecessarily strict since you're allowed to use the 'history' object.");
+ shouldBeTrue("canGet('targetWindow.history.length')");
+
+ shouldBeTrue("canGet('targetWindow.history.back')");
+ shouldBeTrue("canGet('targetWindow.history.forward')");
+ shouldBeTrue("canGet('targetWindow.history.go')");
+ shouldBeTrue("canCall('targetWindow.history.back')");
+ shouldBeTrue("canCall('targetWindow.history.forward')");
+ shouldBeTrue("canCall('targetWindow.history.go', '-1')");
+
+ shouldBeTrue("canGet('targetWindow.history.toString')");
+ shouldBe("toString('targetWindow.history')", "'[object History]'");
+
+ // Work around DRT bug that causes subsequent tests to fail.
+ window.stop();
+}
+</script>
+</body>
+</html>
--- /dev/null
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location.html. Domains, protocols and ports must match.
+
+
+
+----- tests for getting/setting window.location and its properties -----
+
+PASS: canGet('targetWindow.location') should be 'true' and is.
+PASS: toString('targetWindow.location', '') should be '' and is.
+Firefox allows access to 'location.toString' but throws an exception when you call it.
+PASS: canGet('targetWindow.location.toString') should be 'false' and is.
+PASS: canSet('targetWindow.location.toString') should be 'false' and is.
+PASS: canGet('targetWindow.location.href') should be 'false' and is.
+PASS: canGet('targetWindow.location.hash') should be 'false' and is.
+PASS: canGet('targetWindow.location.host') should be 'false' and is.
+PASS: canGet('targetWindow.location.hostname') should be 'false' and is.
+PASS: canGet('targetWindow.location.pathname') should be 'false' and is.
+PASS: canGet('targetWindow.location.port') should be 'false' and is.
+PASS: canGet('targetWindow.location.protocol') should be 'false' and is.
+PASS: canGet('targetWindow.location.search') should be 'false' and is.
+PASS: canSet('targetWindow.location') should be 'false' and is.
+PASS: canSet('targetWindow.location.href') should be 'false' and is.
+PASS: canSet('targetWindow.location.hash') should be 'false' and is.
+PASS: canSet('targetWindow.location.host') should be 'false' and is.
+PASS: canSet('targetWindow.location.hostname') should be 'false' and is.
+PASS: canSet('targetWindow.location.pathname') should be 'false' and is.
+PASS: canSet('targetWindow.location.port') should be 'false' and is.
+PASS: canSet('targetWindow.location.protocol') should be 'false' and is.
+PASS: canSet('targetWindow.location.search') should be 'false' and is.
+PASS: canGet('targetWindow.location.assign') should be 'true' and is.
+PASS: canGet('targetWindow.location.reload') should be 'true' and is.
+PASS: canGet('targetWindow.location.replace') should be 'true' and is.
+Firefox allows calling the 'location' functions exception, bizzarely, 'assign'
+PASS: canCall('targetWindow.location.assign', 'data:text/html,<p>in ur location object</p>') should be 'true' and is.
+PASS: canCall('targetWindow.location.reload') should be 'true' and is.
+PASS: canCall('targetWindow.location.replace', 'data:text/html,<p>in ur location object</p>') should be 'true' and is.
+
--- /dev/null
+<html>
+<head>
+ <script src="resources/cross-frame-access.js"></script>
+</head>
+<body>
+<iframe src="http://localhost:8000/security/resources/cross-frame-iframe.html" style=""></iframe>
+<pre id="console"></pre>
+<script>
+
+window.targetWindow = frames[0];
+
+window.onload = function()
+{
+ if (window.layoutTestController)
+ layoutTestController.dumpAsText();
+
+ log("\n----- tests for getting/setting window.location and its properties -----\n");
+
+ shouldBeTrue("canGet('targetWindow.location')");
+ shouldBe("toString('targetWindow.location', '')", "''");
+
+ log("Firefox allows access to 'location.toString' but throws an exception when you call it.");
+ shouldBeFalse("canGet('targetWindow.location.toString')");
+ shouldBeFalse("canSet('targetWindow.location.toString')");
+
+ shouldBeFalse("canGet('targetWindow.location.href')");
+ shouldBeFalse("canGet('targetWindow.location.hash')");
+ shouldBeFalse("canGet('targetWindow.location.host')");
+ shouldBeFalse("canGet('targetWindow.location.hostname')");
+ shouldBeFalse("canGet('targetWindow.location.pathname')");
+ shouldBeFalse("canGet('targetWindow.location.port')");
+ shouldBeFalse("canGet('targetWindow.location.protocol')");
+ shouldBeFalse("canGet('targetWindow.location.search')");
+
+ // FIXME -- not sure these settable tests actually test anything (because you can't read the results)
+ shouldBeFalse("canSet('targetWindow.location')");
+ shouldBeFalse("canSet('targetWindow.location.href')");
+ shouldBeFalse("canSet('targetWindow.location.hash')");
+ shouldBeFalse("canSet('targetWindow.location.host')");
+ shouldBeFalse("canSet('targetWindow.location.hostname')");
+ shouldBeFalse("canSet('targetWindow.location.pathname')");
+ shouldBeFalse("canSet('targetWindow.location.port')");
+ shouldBeFalse("canSet('targetWindow.location.protocol')");
+ shouldBeFalse("canSet('targetWindow.location.search')");
+
+ shouldBeTrue("canGet('targetWindow.location.assign')");
+ shouldBeTrue("canGet('targetWindow.location.reload')");
+ shouldBeTrue("canGet('targetWindow.location.replace')");
+
+ log("Firefox allows calling the 'location' functions exception, bizzarely, 'assign'");
+ shouldBeTrue("canCall('targetWindow.location.assign', 'data:text/html,<p>in ur location object</p>')");
+ shouldBeTrue("canCall('targetWindow.location.reload')");
+ shouldBeTrue("canCall('targetWindow.location.replace', 'data:text/html,<p>in ur location object</p>')");
+
+ // Work around DRT bug that causes subsequent tests to fail.
+ window.stop();
+}
+</script>
+</body>
+</html>
--- /dev/null
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-name-getter.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-name-getter.html. Domains, protocols and ports must match.
+
+
+
+----- tests for getting properties by name -----
+
+PASS: canGet('targetWindow.testiframe') should be 'true' and is.
+PASS: canGet('targetWindow.testimage') should be 'false' and is.
+
--- /dev/null
+<html>
+<head>
+ <script src="resources/cross-frame-access.js"></script>
+</head>
+<body>
+<iframe src="http://localhost:8000/security/resources/cross-frame-iframe.html" style=""></iframe>
+<pre id="console"></pre>
+<script>
+
+window.targetWindow = frames[0];
+
+window.onload = function()
+{
+ if (window.layoutTestController)
+ layoutTestController.dumpAsText();
+
+ log("\n----- tests for getting properties by name -----\n");
+
+ // frame by name
+ shouldBeTrue("canGet('targetWindow.testiframe')");
+
+ // element by name
+ shouldBeFalse("canGet('targetWindow.testimage')");
+
+ // Work around DRT bug that causes subsequent tests to fail.
+ window.stop();
+}
+</script>
+</body>
+</html>
+<html>
+<head>
+ <script src="resources/cross-frame-access.js"></script>
+</head>
+<body>
<p>This test checks cross-frame access security (rdar://problem/5251309).</p>
<iframe src="http://localhost:8000/security/resources/cross-frame-iframe.html" style=""></iframe>
<pre id="console"></pre>
-
<script>
-function log(s)
-{
- document.getElementById("console").appendChild(document.createTextNode(s + "\n"));
-}
-
-function shouldBe(a, b)
-{
- var evalA, evalB;
- try {
- evalA = eval(a);
- evalB = eval(b);
- } catch(e) {
- evalA = e;
- }
-
- var message = (evalA === evalB)
- ? "PASS: " + a + " should be '" + evalB + "' and is."
- : "*** FAIL: " + a + " should be '" + evalB + "' but instead is " + evalA + ". ***";
- log(message);
-}
-
-function shouldBeTrue(a)
-{
- shouldBe(a, "true");
-}
-
-function shouldBeFalse(b)
-{
- shouldBe(b, "false");
-}
-
-function canGet(keyPath)
-{
- try {
- return eval("window." + keyPath) !== undefined;
- } catch(e) {
- return false;
- }
-}
-
-window.marker = { };
-
-function canSet(keyPath, valuePath)
-{
- if (valuePath === undefined)
- valuePath = "window.marker";
-
- try {
- eval("window." + keyPath + " = " + valuePath);
- return eval("window." + keyPath) === eval("window." + valuePath);
- } catch(e) {
- return false;
- }
-}
-
-function canCall(keyPath, argumentString)
-{
- try {
- eval("window." + keyPath + "(" + (argumentString === undefined ? "" : "'" + argumentString + "'") + ")");
- return true;
- } catch(e) {
- return false;
- }
-}
-
-function toString(expression, valueForException)
-{
- if (valueForException === undefined)
- valueForException = "[exception]";
-
- try {
- var evalExpression = eval(expression);
- if (evalExpression === undefined)
- throw null;
- return String(evalExpression);
- } catch(e) {
- return valueForException;
- }
-}
-
var windowPropertiesNotAllowed = [
"Attr",
"CDATASection",
window.onload = function()
{
- if (window.layoutTestController) {
+ if (window.layoutTestController)
layoutTestController.dumpAsText();
- }
-
+
log("\n----- tests for getting/setting vanilla properties -----\n");
-
+
for (var i = 0; i < windowPropertiesAllowed.length; i++) { //>
var property = windowPropertiesAllowed[i];
shouldBeTrue("canGet('targetWindow." + property + "')");
shouldBeFalse("canSet('targetWindow." + property + "')");
}
- log("\n----- tests for getting/setting interesting properties -----\n");
-
- // built-in property
- shouldBeFalse("canGet('targetWindow.Object')");
- shouldBeFalse("canSet('targetWindow.Object')");
-
- // pre-existing custom property
- shouldBeFalse("canGet('targetWindow.existingCustomProperty')");
- shouldBeFalse("canSet('targetWindow.existingCustomProperty')");
-
- // new custom property
- shouldBeFalse("canSet('targetWindow.newCustomProperty')");
-
- // built-in prototype property
- shouldBeFalse("canGet('targetWindow.hasOwnProperty')");
- shouldBeFalse("canSet('targetWindow.hasOwnProperty')");
-
- // custom prototype property
- shouldBeFalse("canGet('targetWindow.prototypeCustomProperty')");
- shouldBeFalse("canSet('targetWindow.prototypeCustomProperty')");
-
- // window object itself
- shouldBeFalse("canGet('targetWindow.toString')");
- shouldBeFalse("canSet('targetWindow.toString')");
- log("FIXME: Firefox allows converting a window to string -- maybe WebKit should, too.");
- shouldBe("toString('targetWindow', '')", "''");
-
- // frame by name
- shouldBeTrue("canGet('targetWindow.testiframe')");
-
- // element by name
- shouldBeFalse("canGet('targetWindow.testimage')");
-
- // frames array
- shouldBe("targetWindow.frames.length", 1);
- shouldBeTrue("canGet('targetWindow.frames[0]')");
- shouldBeTrue("canGet('targetWindow[0]')");
-
- shouldBeTrue("canGet('targetWindow.location')");
- shouldBe("toString('targetWindow.location', '')", "''");
-
- log("Firefox allows access to 'location.toString' but throws an exception when you call it.");
- shouldBeFalse("canGet('targetWindow.location.toString')");
- shouldBeFalse("canSet('targetWindow.location.toString')");
-
- shouldBeFalse("canGet('targetWindow.location.href')");
- shouldBeFalse("canGet('targetWindow.location.hash')");
- shouldBeFalse("canGet('targetWindow.location.host')");
- shouldBeFalse("canGet('targetWindow.location.hostname')");
- shouldBeFalse("canGet('targetWindow.location.pathname')");
- shouldBeFalse("canGet('targetWindow.location.port')");
- shouldBeFalse("canGet('targetWindow.location.protocol')");
- shouldBeFalse("canGet('targetWindow.location.search')");
-
- // FIXME -- not sure these settable tests actually test anything (because you can't read the results)
- shouldBeFalse("canSet('targetWindow.location')");
- shouldBeFalse("canSet('targetWindow.location.href')");
- shouldBeFalse("canSet('targetWindow.location.hash')");
- shouldBeFalse("canSet('targetWindow.location.host')");
- shouldBeFalse("canSet('targetWindow.location.hostname')");
- shouldBeFalse("canSet('targetWindow.location.pathname')");
- shouldBeFalse("canSet('targetWindow.location.port')");
- shouldBeFalse("canSet('targetWindow.location.protocol')");
- shouldBeFalse("canSet('targetWindow.location.search')");
-
- shouldBeTrue("canGet('targetWindow.location.assign')");
- shouldBeTrue("canGet('targetWindow.location.reload')");
- shouldBeTrue("canGet('targetWindow.location.replace')");
-
- log("Firefox allows calling the 'location' functions exception, bizzarely, 'assign'");
- shouldBeTrue("canCall('targetWindow.location.assign', 'data:text/html,<p>in ur location object</p>')");
- shouldBeTrue("canCall('targetWindow.location.reload')");
- shouldBeTrue("canCall('targetWindow.location.replace', 'data:text/html,<p>in ur location object</p>')");
-
- // history object
- log("Firefox prohibits getting 'history.length' but that seems unnecessarily strict since you're allowed to use the 'history' object.");
- shouldBeTrue("canGet('targetWindow.history.length')");
-
- shouldBeTrue("canGet('targetWindow.history.back')");
- shouldBeTrue("canGet('targetWindow.history.forward')");
- shouldBeTrue("canGet('targetWindow.history.go')");
- shouldBeTrue("canCall('targetWindow.history.back')");
- shouldBeTrue("canCall('targetWindow.history.forward')");
- shouldBeTrue("canCall('targetWindow.history.go', '-1')");
-
- shouldBeTrue("canGet('targetWindow.history.toString')");
- shouldBe("toString('targetWindow.history')", "'[object History]'");
-
// Work around DRT bug that causes subsequent tests to fail.
window.stop();
}
</script>
+</body>
+</html>
--- /dev/null
+function log(s)
+{
+ document.getElementById("console").appendChild(document.createTextNode(s + "\n"));
+}
+
+function shouldBe(a, b)
+{
+ var evalA, evalB;
+ try {
+ evalA = eval(a);
+ evalB = eval(b);
+ } catch(e) {
+ evalA = e;
+ }
+
+ var message = (evalA === evalB)
+ ? "PASS: " + a + " should be '" + evalB + "' and is."
+ : "*** FAIL: " + a + " should be '" + evalB + "' but instead is " + evalA + ". ***";
+ log(message);
+}
+
+function shouldBeTrue(a)
+{
+ shouldBe(a, "true");
+}
+
+function shouldBeFalse(b)
+{
+ shouldBe(b, "false");
+}
+
+function canGet(keyPath)
+{
+ try {
+ return eval("window." + keyPath) !== undefined;
+ } catch(e) {
+ return false;
+ }
+}
+
+window.marker = { };
+
+function canSet(keyPath, valuePath)
+{
+ if (valuePath === undefined)
+ valuePath = "window.marker";
+
+ try {
+ eval("window." + keyPath + " = " + valuePath);
+ return eval("window." + keyPath) === eval("window." + valuePath);
+ } catch(e) {
+ return false;
+ }
+}
+
+function canCall(keyPath, argumentString)
+{
+ try {
+ eval("window." + keyPath + "(" + (argumentString === undefined ? "" : "'" + argumentString + "'") + ")");
+ return true;
+ } catch(e) {
+ return false;
+ }
+}
+
+function toString(expression, valueForException)
+{
+ if (valueForException === undefined)
+ valueForException = "[exception]";
+
+ try {
+ var evalExpression = eval(expression);
+ if (evalExpression === undefined)
+ throw null;
+ return String(evalExpression);
+ } catch(e) {
+ return valueForException;
+ }
+}
git://git.webkit.org / WebKit-https.git / commitdiff