Commit 4779e651 authored by yurys@chromium.org

2011-01-24 Yury Semikhatsky <yurys@chromium.org>

        Unreviewed. Update Chromium test expectations.

        * platform/chromium-mac/http/tests/security/aboutBlank/xss-DENIED-navigate-opener-document-write-expected.txt:
        * platform/chromium-mac/http/tests/security/aboutBlank/xss-DENIED-navigate-opener-javascript-url-expected.txt:
        * platform/chromium-mac/http/tests/security/xss-DENIED-frame-name-expected.txt:
        * platform/chromium/test_expectations.txt:


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@76506 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent 0c0db027
2011-01-24 Yury Semikhatsky <yurys@chromium.org>
Unreviewed. Update Chromium test expectations.
* platform/chromium-mac/http/tests/security/aboutBlank/xss-DENIED-navigate-opener-document-write-expected.txt:
* platform/chromium-mac/http/tests/security/aboutBlank/xss-DENIED-navigate-opener-javascript-url-expected.txt:
* platform/chromium-mac/http/tests/security/xss-DENIED-frame-name-expected.txt:
* platform/chromium/test_expectations.txt:
2011-01-24 Peter Varga <pvarga@inf.u-szeged.hu>
Reviewed by Oliver Hunt.
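Review bot: The new entry at the top of this ChangeLog says only "Unreviewed. Update Chromium test expectations." and lists four files, without saying why the expected output of the three security tests changed or naming a bug. Add one line stating what altered the console output, plus a bug URL, so the rebaseline can be checked later.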
......
CONSOLE MESSAGE: line 1: Uncaught TypeError: Cannot read property 'body' of undefined
CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/innocent-victim-with-notify.html from frame with URL http://127.0.0.1:8000/security/aboutBlank/xss-DENIED-navigate-opener-document-write.html. Domains, protocols and ports must match.
CONSOLE MESSAGE: line 1: Uncaught TypeError: Cannot read property 'body' of undefined
This page opens a window to "", injects malicious code, and then navigates its opener to the victim. The opened window then tries to scripts its opener after document.writeing a new document.
Code injected into window:
<script>document.write('<script>function write(target, message) { target.document.body.innerHTML = message; }setTimeout(function() {write(window.opener, \'FAIL: XSS was allowed.\');}, 100);setTimeout(function() {write(window.opener.top.frames[1], \'SUCCESS: Window remained in original SecurityOrigin.\');}, 200);setTimeout(function() { if (window.layoutTestController) layoutTestController.globalFlag = true; }, 300);<\/script>');</script>
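Review bot: The expected output at the top of this file records "Uncaught TypeError: Cannot read property 'body' of undefined" twice, and the injected script calls write() twice, once with the FAIL message and once with the SUCCESS message, so in the lines shown here it reads as if both calls throw. Confirm that the second exception is intended: a baseline that accepts the SUCCESS write throwing leaves the "Unsafe JavaScript attempt to access frame" line as the only evidence that the access was denied.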
......
CONSOLE MESSAGE: line 1: Uncaught TypeError: Cannot read property 'body' of undefined
CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/innocent-victim-with-notify.html from frame with URL http://127.0.0.1:8000/security/aboutBlank/xss-DENIED-navigate-opener-javascript-url.html. Domains, protocols and ports must match.
CONSOLE MESSAGE: line 1: Uncaught TypeError: Cannot read property 'body' of undefined
This page opens a window to "", injects malicious code, and then navigates its opener to the victim. The opened window then tries to scripts its opener after reloading itself as a javascript URL.
Code injected into window:
<script>window.location = 'javascript:\'<script>function write(target, message) { target.document.body.innerHTML = message; }setTimeout(function() {write(window.opener, \\\'FAIL: XSS was allowed.\\\');}, 100);setTimeout(function() {write(window.opener.top.frames[1], \\\'SUCCESS: Window remained in original SecurityOrigin.\\\');}, 200);setTimeout(function() { if (window.layoutTestController) layoutTestController.globalFlag = true; }, 300);<\\\/script>\''</script>
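Review bot: The three console lines at the top of this file match the document-write baseline apart from the test URL, and the ChangeLog lists only platform/chromium-mac copies of both files. If the other Chromium platforms print the same messages, place the baseline under platform/chromium so that one file covers them.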
......
CONSOLE MESSAGE: line 2: Uncaught TypeError: Cannot read property 'prop' of undefined
CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-frame-name.html from frame with URL http://localhost:8000/security/resources/frame-for-parent-name.html. Domains, protocols and ports must match.
CONSOLE MESSAGE: line 2: Uncaught TypeError: Cannot read property 'prop' of undefined
This test passes if it doesn't alert fail.
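Review bot: The pass condition on the last line is "This test passes if it doesn't alert fail.", yet the expected output accepts two uncaught "Cannot read property 'prop' of undefined" errors at line 2. An exception thrown before the check runs would also produce no alert, so state in the test or the ChangeLog that these errors result from the denied cross-origin access and not from a script fault that skips the check.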
......@@ -3091,9 +3091,8 @@ BUGDIMICH : fast/regex/cross-frame-callable.html = TEXT
BUGTHAKIS LINUX WIN : media/video-display-toggle.html = IMAGE
// New test that was non-deterministic.
BUGYURYS : userscripts/window-onerror-for-isolated-world-1.html = PASS TEXT
BUGYURYS MAC : userscripts/window-onerror-for-isolated-world-2.html = PASS TEXT
BUGYURYS WIN LINUX : userscripts/window-onerror-for-isolated-world-2.html = PASS TEXT TIMEOUT
BUGYURYS SLOW DEBUG : userscripts/window-onerror-for-isolated-world-1.html = PASS
BUGYURYS SLOW DEBUG : userscripts/window-onerror-for-isolated-world-2.html = PASS
BUGYURYS : http/tests/security/aboutBlank/xss-DENIED-navigate-opener-document-write.html = PASS TEXT
BUGYURYS : http/tests/security/aboutBlank/xss-DENIED-navigate-opener-javascript-url.html = PASS TEXT
BUGYURYS : http/tests/security/xss-DENIED-frame-name.html = PASS TEXT
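Review bot: Every BUGYURYS entry in this hunk is filed under a name rather than a tracked bug, and the only comment, "// New test that was non-deterministic.", covers the userscripts tests and not the http/tests/security lines at the end. For whichever of those security lines stay in the file, add a comment with a bug reference saying why a text mismatch is tolerated, since "PASS TEXT" on an XSS-denial test lets a change in the console output go unnoticed.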
......