Commit 1eb1040b authored by weinig's avatar weinig

Reviewed by Geoff Garen.

        Move cross frame access put tests into cross-frame-access-put.html.

        * http/tests/security/cross-frame-access-custom-expected.txt:
        * http/tests/security/cross-frame-access-custom.html:
        * http/tests/security/cross-frame-access-expected.txt:
        * http/tests/security/cross-frame-access-first-time-expected.txt:
        * http/tests/security/cross-frame-access-first-time.html:
        * http/tests/security/cross-frame-access-frames.html:
        * http/tests/security/cross-frame-access-history.html:
        * http/tests/security/cross-frame-access-location-expected.txt:
        * http/tests/security/cross-frame-access-location.html:
        * http/tests/security/cross-frame-access-name-getter-expected.txt:
        * http/tests/security/cross-frame-access-name-getter.html:
        * http/tests/security/cross-frame-access-put-expected.txt:
        * http/tests/security/cross-frame-access-put.html:
        * http/tests/security/cross-frame-access.html:
        * http/tests/security/resources/cross-frame-iframe-for-get-test.html: Copied from http/tests/security/resources/cross-frame-iframe.html.
        * http/tests/security/resources/cross-frame-iframe-for-put-test.html:
        * http/tests/security/resources/cross-frame-iframe.html: Removed.



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@24337 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent 5241962b
2007-07-16 Sam Weinig <sam@webkit.org>
Reviewed by Geoff Garen.
Move cross frame access put tests into cross-frame-access-put.html.
* http/tests/security/cross-frame-access-custom-expected.txt:
* http/tests/security/cross-frame-access-custom.html:
* http/tests/security/cross-frame-access-expected.txt:
* http/tests/security/cross-frame-access-first-time-expected.txt:
* http/tests/security/cross-frame-access-first-time.html:
* http/tests/security/cross-frame-access-frames.html:
* http/tests/security/cross-frame-access-history.html:
* http/tests/security/cross-frame-access-location-expected.txt:
* http/tests/security/cross-frame-access-location.html:
* http/tests/security/cross-frame-access-name-getter-expected.txt:
* http/tests/security/cross-frame-access-name-getter.html:
* http/tests/security/cross-frame-access-put-expected.txt:
* http/tests/security/cross-frame-access-put.html:
* http/tests/security/cross-frame-access.html:
* http/tests/security/resources/cross-frame-iframe-for-get-test.html: Copied from http/tests/security/resources/cross-frame-iframe.html.
* http/tests/security/resources/cross-frame-iframe-for-put-test.html:
* http/tests/security/resources/cross-frame-iframe.html: Removed.
2007-07-16 Adele Peterson <adele@apple.com>
Updated results for Tiger and filed:
......@@ -3,7 +3,7 @@
<script src="resources/cross-frame-access.js"></script>
</head>
<body>
<iframe src="http://localhost:8000/security/resources/cross-frame-iframe.html" style=""></iframe>
<iframe src="http://localhost:8000/security/resources/cross-frame-iframe-for-get-test.html" style=""></iframe>
<pre id="console"></pre>
<script>
......
This source diff could not be displayed because it is too large. You can view the blob instead.
CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-first-time.html. Domains, protocols and ports must match.
CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-first-time.html. Domains, protocols and ports must match.
This test checks cross-frame access security for first-time access to the document (rdar://problem/5251309).
......
<p>This test checks cross-frame access security for first-time access to the document (rdar://problem/5251309).</p>
<iframe src="http://localhost:8000/security/resources/cross-frame-iframe.html" style=""></iframe>
<iframe src="http://localhost:8000/security/resources/cross-frame-iframe-for-get-test.html" style=""></iframe>
<pre id="console"></pre>
<script>
......
......@@ -3,7 +3,7 @@
<script src="resources/cross-frame-access.js"></script>
</head>
<body>
<iframe src="http://localhost:8000/security/resources/cross-frame-iframe.html" style=""></iframe>
<iframe src="http://localhost:8000/security/resources/cross-frame-iframe-for-get-test.html" style=""></iframe>
<pre id="console"></pre>
<script>
......
......@@ -3,7 +3,7 @@
<script src="resources/cross-frame-access.js"></script>
</head>
<body>
<iframe src="http://localhost:8000/security/resources/cross-frame-iframe.html" style=""></iframe>
<iframe src="http://localhost:8000/security/resources/cross-frame-iframe-for-get-test.html" style=""></iframe>
<pre id="console"></pre>
<script>
......
......@@ -3,7 +3,7 @@
<script src="resources/cross-frame-access.js"></script>
</head>
<body>
<iframe src="http://localhost:8000/security/resources/cross-frame-iframe.html" style=""></iframe>
<iframe src="http://localhost:8000/security/resources/cross-frame-iframe-for-get-test.html" style=""></iframe>
<pre id="console"></pre>
<script>
......
CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-name-getter.html. Domains, protocols and ports must match.
CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-name-getter.html. Domains, protocols and ports must match.
CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-name-getter.html. Domains, protocols and ports must match.
CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-name-getter.html. Domains, protocols and ports must match.
......
......@@ -3,7 +3,7 @@
<script src="resources/cross-frame-access.js"></script>
</head>
<body>
<iframe src="http://localhost:8000/security/resources/cross-frame-iframe.html" style=""></iframe>
<iframe src="http://localhost:8000/security/resources/cross-frame-iframe-for-get-test.html" style=""></iframe>
<pre id="console"></pre>
<script>
......
......@@ -4,10 +4,10 @@
</head>
<body>
<p>This test checks cross-frame access security (rdar://problem/5251309).</p>
<iframe src="http://localhost:8000/security/resources/cross-frame-iframe.html" style=""></iframe>
<iframe src="http://localhost:8000/security/resources/cross-frame-iframe-for-get-test.html" style=""></iframe>
<pre id="console"></pre>
<script>
var windowPropertiesNotAllowed = [
var windowConstructorPropertiesNotAllowed = [
"Attr",
"CDATASection",
"CSSPrimitiveValue",
......@@ -102,16 +102,42 @@ var windowPropertiesNotAllowed = [
"XMLSerializer",
"XPathEvaluator",
"XPathResult",
"XSLTProcessor",
"XSLTProcessor"
];
var windowFunctionPropertiesNotAllowed = [
"addEventListener",
"alert",
"atob",
"atob",
"btoa",
"captureEvents",
"clearInterval",
"clearTimeout",
"confirm",
"find",
"getComputedStyle",
"getMatchedCSSRules",
"getSelection",
"moveBy",
"moveTo",
"open",
"print",
"prompt",
"releaseEvents",
"removeEventListener",
"resizeBy",
"resizeTo",
"scroll",
"scrollBy",
"scrollTo",
"setInterval",
"setTimeout",
"showModalDialog",
"stop"
];
var windowAttributesPropertiesNotAllowed = [
"clientInformation",
"confirm",
"console",
"crypto",
"defaultStatus",
......@@ -121,18 +147,12 @@ var windowPropertiesNotAllowed = [
"embeds",
"eval",
"event",
"find",
"frameElement",
"getComputedStyle",
"getMatchedCSSRules",
"getSelection",
"images",
"innerHeight",
"innerWidth",
"locationbar",
"menubar",
"moveBy",
"moveTo",
"name",
"navigator",
"offscreenBuffering",
......@@ -161,44 +181,33 @@ var windowPropertiesNotAllowed = [
"onselect",
"onsubmit",
"onunload",
"open",
"outerHeight",
"outerWidth",
"pageXOffset",
"pageYOffset",
"personalbar",
"plugins",
"print",
"prompt",
"releaseEvents",
"removeEventListener",
"resizeBy",
"resizeTo",
"screen",
"screenLeft",
"screenTop",
"screenX",
"screenY",
"scroll",
"scrollBy",
"scrollTo",
"scrollX",
"scrollY",
"scrollbars",
"setInterval",
"setTimeout",
"showModalDialog",
"status",
"statusbar",
"stop",
"toolbar"
];
var windowPropertiesAllowed = [
var windowFunctionPropertiesAllowed = [
"blur",
"close",
"focus"
]
var windowAttributesPropertiesAllowed = [
"closed",
"focus",
"frames",
"history",
"length",
......@@ -216,19 +225,41 @@ window.onload = function()
if (window.layoutTestController)
layoutTestController.dumpAsText();
log("\n----- tests for getting/setting vanilla properties -----\n");
log("\n----- tests for getting of allowed properties -----\n");
for (var i = 0; i < windowPropertiesAllowed.length; i++) { //>
var property = windowPropertiesAllowed[i];
log("\n----- tests for getting of allowed Functions -----\n");
for (var i = 0; i < windowFunctionPropertiesAllowed.length; i++) {
var property = windowFunctionPropertiesAllowed[i];
shouldBeTrue("canGet('targetWindow." + property + "')");
}
for (var i = 0; i < windowPropertiesNotAllowed.length; i++) { //>
var property = windowPropertiesNotAllowed[i];
log("\n----- tests for getting of allowed Attributes -----\n");
for (var i = 0; i < windowAttributesPropertiesAllowed.length; i++) {
var property = windowAttributesPropertiesAllowed[i];
shouldBeTrue("canGet('targetWindow." + property + "')");
}
log("\n----- tests for getting of not allowed properties -----\n");
log("\n----- tests for getting of not allowed Constructors -----\n");
for (var i = 0; i < windowConstructorPropertiesNotAllowed.length; i++) {
var property = windowConstructorPropertiesNotAllowed[i];
shouldBeFalse("canGet('targetWindow." + property + "')");
}
log("\n----- tests for getting of not allowed Functions -----\n");
for (var i = 0; i < windowFunctionPropertiesNotAllowed.length; i++) {
var property = windowFunctionPropertiesNotAllowed[i];
shouldBeFalse("canGet('targetWindow." + property + "')");
}
log("\n----- tests for getting of not allowed Attributes -----\n");
for (var i = 0; i < windowAttributesPropertiesNotAllowed.length; i++) {
var property = windowAttributesPropertiesNotAllowed[i];
if (property == "document")
log("Firefox allows access to 'document' but throws an exception when you access its properties.");
shouldBeFalse("canGet('targetWindow." + property + "')");
shouldBeFalse("canSet('targetWindow." + property + "')");
}
// Work around DRT bug that causes subsequent tests to fail.
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment