third_party/WebKit/LayoutTests/http/tests/security/cross-frame-access-call.html - chromium/src - Git at Google

 <html>
 <head>
     <script src="/js-test-resources/js-test.js"></script>
     <script src="resources/cross-frame-access.js"></script>
 </head>
 <body>
 <iframe src="http://localhost:8000/security/resources/cross-frame-iframe-for-get-test.html" style=""></iframe>
 <pre id="console"></pre>
 <script>

 window.jsTestIsAsync = true;
 window.targetWindow = frames[0];

 window.onload = function()
 {
     if (window.testRunner)
         testRunner.setCanOpenWindows(true);

     description("\n----- tests for calling methods of another frame using Function.call -----\n");

     // Allowed
     // void focus();
     // void blur();
     // void close();
     // void postMessage(in DOMString message);

     // - Tests for the Window object -
     shouldThrow("window.setTimeout.call(targetWindow, 'void(0);', 0)", '"SecurityError: Failed to execute \'setTimeout\' on \'Window\': Blocked a frame with origin \\"http://127.0.0.1:8000\\" from accessing a cross-origin frame."');
     shouldThrow("window.setInterval.call(targetWindow, 'void(0);', 0)", '"SecurityError: Failed to execute \'setInterval\' on \'Window\': Blocked a frame with origin \\"http://127.0.0.1:8000\\" from accessing a cross-origin frame."');
     shouldThrow("window.open.call(targetWindow, '')", '"SecurityError: Failed to execute \'open\' on \'Window\': Blocked a frame with origin \\"http://127.0.0.1:8000\\" from accessing a cross-origin frame."');
     shouldThrow("window.getSelection.call(targetWindow)", '"SecurityError: Failed to execute \'getSelection\' on \'Window\': Blocked a frame with origin \\"http://127.0.0.1:8000\\" from accessing a cross-origin frame."');
     shouldThrow("window.find.call(targetWindow, 'string', false, false, false, false, false, false)", '"SecurityError: Failed to execute \'find\' on \'Window\': Blocked a frame with origin \\"http://127.0.0.1:8000\\" from accessing a cross-origin frame."');
     shouldThrow("window.confirm.call(targetWindow, 'message')", '"SecurityError: Failed to execute \'confirm\' on \'Window\': Blocked a frame with origin \\"http://127.0.0.1:8000\\" from accessing a cross-origin frame."');
     shouldThrow("window.prompt.call(targetWindow, 'message', 'defaultValue')", '"SecurityError: Failed to execute \'prompt\' on \'Window\': Blocked a frame with origin \\"http://127.0.0.1:8000\\" from accessing a cross-origin frame."');
     shouldThrow("window.getComputedStyle.call(targetWindow, document.body, '')", '"SecurityError: Failed to execute \'getComputedStyle\' on \'Window\': Blocked a frame with origin \\"http://127.0.0.1:8000\\" from accessing a cross-origin frame."');
     shouldThrow("window.getMatchedCSSRules.call(targetWindow, document.body, '')", '"SecurityError: Failed to execute \'getMatchedCSSRules\' on \'Window\': Blocked a frame with origin \\"http://127.0.0.1:8000\\" from accessing a cross-origin frame."');
     shouldThrow("window.openDatabase.call(targetWindow, 'name', '1.0', 'description', 0)", '"SecurityError: Failed to execute \'openDatabase\' on \'Window\': Blocked a frame with origin \\"http://127.0.0.1:8000\\" from accessing a cross-origin frame."');
     shouldThrow("window.atob.call(targetWindow, 'string')", '"SecurityError: Failed to execute \'atob\' on \'Window\': Blocked a frame with origin \\"http://127.0.0.1:8000\\" from accessing a cross-origin frame."');
     shouldThrow("window.btoa.call(targetWindow, 'string')", '"SecurityError: Failed to execute \'btoa\' on \'Window\': Blocked a frame with origin \\"http://127.0.0.1:8000\\" from accessing a cross-origin frame."');
     shouldThrow("window.clearTimeout.call(targetWindow, 0);", '"SecurityError: Failed to execute \'clearTimeout\' on \'Window\': Blocked a frame with origin \\"http://127.0.0.1:8000\\" from accessing a cross-origin frame."');
     shouldThrow("window.clearInterval.call(targetWindow, 0);", '"SecurityError: Failed to execute \'clearInterval\' on \'Window\': Blocked a frame with origin \\"http://127.0.0.1:8000\\" from accessing a cross-origin frame."');
     shouldThrow("window.print.call(targetWindow);", '"SecurityError: Failed to execute \'print\' on \'Window\': Blocked a frame with origin \\"http://127.0.0.1:8000\\" from accessing a cross-origin frame."');
     shouldThrow("window.stop.call(targetWindow);", '"SecurityError: Failed to execute \'stop\' on \'Window\': Blocked a frame with origin \\"http://127.0.0.1:8000\\" from accessing a cross-origin frame."');
     shouldThrow("window.alert.call(targetWindow, 'message');", '"SecurityError: Failed to execute \'alert\' on \'Window\': Blocked a frame with origin \\"http://127.0.0.1:8000\\" from accessing a cross-origin frame."');
     shouldThrow("window.scrollBy.call(targetWindow, 0, 0);", '"SecurityError: Failed to execute \'scrollBy\' on \'Window\': Blocked a frame with origin \\"http://127.0.0.1:8000\\" from accessing a cross-origin frame."');
     shouldThrow("window.scrollTo.call(targetWindow, 0, 0);", '"SecurityError: Failed to execute \'scrollTo\' on \'Window\': Blocked a frame with origin \\"http://127.0.0.1:8000\\" from accessing a cross-origin frame."');
     shouldThrow("window.scroll.call(targetWindow, 0, 0);", '"SecurityError: Failed to execute \'scroll\' on \'Window\': Blocked a frame with origin \\"http://127.0.0.1:8000\\" from accessing a cross-origin frame."');
     shouldThrow("window.moveBy.call(targetWindow, 0, 0);", '"SecurityError: Failed to execute \'moveBy\' on \'Window\': Blocked a frame with origin \\"http://127.0.0.1:8000\\" from accessing a cross-origin frame."');
     shouldThrow("window.moveTo.call(targetWindow, 0, 0);", '"SecurityError: Failed to execute \'moveTo\' on \'Window\': Blocked a frame with origin \\"http://127.0.0.1:8000\\" from accessing a cross-origin frame."');
     shouldThrow("window.resizeBy.call(targetWindow, 0, 0);", '"SecurityError: Failed to execute \'resizeBy\' on \'Window\': Blocked a frame with origin \\"http://127.0.0.1:8000\\" from accessing a cross-origin frame."');
     shouldThrow("window.resizeTo.call(targetWindow, 0, 0);", '"SecurityError: Failed to execute \'resizeTo\' on \'Window\': Blocked a frame with origin \\"http://127.0.0.1:8000\\" from accessing a cross-origin frame."');
     shouldThrow("window.addEventListener.call(targetWindow, 'load', null, false);", '"SecurityError: Failed to execute \'addEventListener\' on \'EventTarget\': Blocked a frame with origin \\"http://127.0.0.1:8000\\" from accessing a cross-origin frame."');
     shouldThrow("window.removeEventListener.call(targetWindow, 'load', null, false);", '"SecurityError: Failed to execute \'removeEventListener\' on \'EventTarget\': Blocked a frame with origin \\"http://127.0.0.1:8000\\" from accessing a cross-origin frame."');

     // Throws an EvalError and logs to the error console
     shouldBe("window.eval.call(targetWindow, '1+2');", '3');

     // - Tests for the Location object -
     shouldThrow("window.location.toString.call(targetWindow.location)", '"SecurityError: Failed to execute \'toString\' on \'Location\': Blocked a frame with origin \\"http://127.0.0.1:8000\\" from accessing a cross-origin frame."');

     finishJSTest();
 }
 </script>
 </body>
 </html>
	<html>
	<head>
	<script src="/js-test-resources/js-test.js"></script>
	<script src="resources/cross-frame-access.js"></script>
	</head>
	<body>
	<iframe src="http://localhost:8000/security/resources/cross-frame-iframe-for-get-test.html" style=""></iframe>
	<pre id="console"></pre>
	<script>

	window.jsTestIsAsync = true;
	window.targetWindow = frames[0];

	window.onload = function()
	{
	if (window.testRunner)
	testRunner.setCanOpenWindows(true);

	description("\n----- tests for calling methods of another frame using Function.call -----\n");

	// Allowed
	// void focus();
	// void blur();
	// void close();
	// void postMessage(in DOMString message);

	// - Tests for the Window object -
	shouldThrow("window.setTimeout.call(targetWindow, 'void(0);', 0)", '"SecurityError: Failed to execute \'setTimeout\' on \'Window\': Blocked a frame with origin \\"http://127.0.0.1:8000\\" from accessing a cross-origin frame."');
	shouldThrow("window.setInterval.call(targetWindow, 'void(0);', 0)", '"SecurityError: Failed to execute \'setInterval\' on \'Window\': Blocked a frame with origin \\"http://127.0.0.1:8000\\" from accessing a cross-origin frame."');
	shouldThrow("window.open.call(targetWindow, '')", '"SecurityError: Failed to execute \'open\' on \'Window\': Blocked a frame with origin \\"http://127.0.0.1:8000\\" from accessing a cross-origin frame."');
	shouldThrow("window.getSelection.call(targetWindow)", '"SecurityError: Failed to execute \'getSelection\' on \'Window\': Blocked a frame with origin \\"http://127.0.0.1:8000\\" from accessing a cross-origin frame."');
	shouldThrow("window.find.call(targetWindow, 'string', false, false, false, false, false, false)", '"SecurityError: Failed to execute \'find\' on \'Window\': Blocked a frame with origin \\"http://127.0.0.1:8000\\" from accessing a cross-origin frame."');
	shouldThrow("window.confirm.call(targetWindow, 'message')", '"SecurityError: Failed to execute \'confirm\' on \'Window\': Blocked a frame with origin \\"http://127.0.0.1:8000\\" from accessing a cross-origin frame."');
	shouldThrow("window.prompt.call(targetWindow, 'message', 'defaultValue')", '"SecurityError: Failed to execute \'prompt\' on \'Window\': Blocked a frame with origin \\"http://127.0.0.1:8000\\" from accessing a cross-origin frame."');
	shouldThrow("window.getComputedStyle.call(targetWindow, document.body, '')", '"SecurityError: Failed to execute \'getComputedStyle\' on \'Window\': Blocked a frame with origin \\"http://127.0.0.1:8000\\" from accessing a cross-origin frame."');
	shouldThrow("window.getMatchedCSSRules.call(targetWindow, document.body, '')", '"SecurityError: Failed to execute \'getMatchedCSSRules\' on \'Window\': Blocked a frame with origin \\"http://127.0.0.1:8000\\" from accessing a cross-origin frame."');
	shouldThrow("window.openDatabase.call(targetWindow, 'name', '1.0', 'description', 0)", '"SecurityError: Failed to execute \'openDatabase\' on \'Window\': Blocked a frame with origin \\"http://127.0.0.1:8000\\" from accessing a cross-origin frame."');
	shouldThrow("window.atob.call(targetWindow, 'string')", '"SecurityError: Failed to execute \'atob\' on \'Window\': Blocked a frame with origin \\"http://127.0.0.1:8000\\" from accessing a cross-origin frame."');
	shouldThrow("window.btoa.call(targetWindow, 'string')", '"SecurityError: Failed to execute \'btoa\' on \'Window\': Blocked a frame with origin \\"http://127.0.0.1:8000\\" from accessing a cross-origin frame."');
	shouldThrow("window.clearTimeout.call(targetWindow, 0);", '"SecurityError: Failed to execute \'clearTimeout\' on \'Window\': Blocked a frame with origin \\"http://127.0.0.1:8000\\" from accessing a cross-origin frame."');
	shouldThrow("window.clearInterval.call(targetWindow, 0);", '"SecurityError: Failed to execute \'clearInterval\' on \'Window\': Blocked a frame with origin \\"http://127.0.0.1:8000\\" from accessing a cross-origin frame."');
	shouldThrow("window.print.call(targetWindow);", '"SecurityError: Failed to execute \'print\' on \'Window\': Blocked a frame with origin \\"http://127.0.0.1:8000\\" from accessing a cross-origin frame."');
	shouldThrow("window.stop.call(targetWindow);", '"SecurityError: Failed to execute \'stop\' on \'Window\': Blocked a frame with origin \\"http://127.0.0.1:8000\\" from accessing a cross-origin frame."');
	shouldThrow("window.alert.call(targetWindow, 'message');", '"SecurityError: Failed to execute \'alert\' on \'Window\': Blocked a frame with origin \\"http://127.0.0.1:8000\\" from accessing a cross-origin frame."');
	shouldThrow("window.scrollBy.call(targetWindow, 0, 0);", '"SecurityError: Failed to execute \'scrollBy\' on \'Window\': Blocked a frame with origin \\"http://127.0.0.1:8000\\" from accessing a cross-origin frame."');
	shouldThrow("window.scrollTo.call(targetWindow, 0, 0);", '"SecurityError: Failed to execute \'scrollTo\' on \'Window\': Blocked a frame with origin \\"http://127.0.0.1:8000\\" from accessing a cross-origin frame."');
	shouldThrow("window.scroll.call(targetWindow, 0, 0);", '"SecurityError: Failed to execute \'scroll\' on \'Window\': Blocked a frame with origin \\"http://127.0.0.1:8000\\" from accessing a cross-origin frame."');
	shouldThrow("window.moveBy.call(targetWindow, 0, 0);", '"SecurityError: Failed to execute \'moveBy\' on \'Window\': Blocked a frame with origin \\"http://127.0.0.1:8000\\" from accessing a cross-origin frame."');
	shouldThrow("window.moveTo.call(targetWindow, 0, 0);", '"SecurityError: Failed to execute \'moveTo\' on \'Window\': Blocked a frame with origin \\"http://127.0.0.1:8000\\" from accessing a cross-origin frame."');
	shouldThrow("window.resizeBy.call(targetWindow, 0, 0);", '"SecurityError: Failed to execute \'resizeBy\' on \'Window\': Blocked a frame with origin \\"http://127.0.0.1:8000\\" from accessing a cross-origin frame."');
	shouldThrow("window.resizeTo.call(targetWindow, 0, 0);", '"SecurityError: Failed to execute \'resizeTo\' on \'Window\': Blocked a frame with origin \\"http://127.0.0.1:8000\\" from accessing a cross-origin frame."');
	shouldThrow("window.addEventListener.call(targetWindow, 'load', null, false);", '"SecurityError: Failed to execute \'addEventListener\' on \'EventTarget\': Blocked a frame with origin \\"http://127.0.0.1:8000\\" from accessing a cross-origin frame."');
	shouldThrow("window.removeEventListener.call(targetWindow, 'load', null, false);", '"SecurityError: Failed to execute \'removeEventListener\' on \'EventTarget\': Blocked a frame with origin \\"http://127.0.0.1:8000\\" from accessing a cross-origin frame."');

	// Throws an EvalError and logs to the error console
	shouldBe("window.eval.call(targetWindow, '1+2');", '3');

	// - Tests for the Location object -
	shouldThrow("window.location.toString.call(targetWindow.location)", '"SecurityError: Failed to execute \'toString\' on \'Location\': Blocked a frame with origin \\"http://127.0.0.1:8000\\" from accessing a cross-origin frame."');

	finishJSTest();
	}
	</script>
	</body>
	</html>