<html>
<head>
<script>
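// Regression test: script in the embedding page must not be able to point an
// already-loaded iframe at a javascript: URL by writing the src attribute
// through the less common DOM interfaces (Attr nodes, NamedNodeMap, the
// setAttribute* family). Each case below tries one such path against its own
// iframe; the test passes only if none of the payloads ever executes.
window.onload = function()
{
    // testRunner exists only under the layout-test harness; guarding on it
    // lets the page also be opened by hand in a browser.
    if (window.testRunner) {
        testRunner.dumpAsText();
    }

    /**
     * Builds the javascript: URL used as the payload for one case.
     * If an engine executes it, it raises an alert naming the case and
     * replaces the body of the document it runs in with a red failure line.
     * The trailing "//" turns anything appended after the payload into a
     * comment.
     *
     * @param {string} msg - label of the interface under test; only the
     *     fixed literals in aliasTests are ever passed in.
     * @returns {string} the javascript: URL.
     */
    function alertMsg(msg) {
        return "javascript:alert(\"FAIL: " + msg +
            "\");document.body.innerHTML=\"<p style='font-weight:bold;color:red'>Failure testing " + msg + "</p>\";//";
    }

    // Test different ways of setting iframe.src
    var aliasTests = [
        // Attr/Node attributes. Writing Attr.value may not start a navigation
        // by itself, so src is reassigned to its own (new) value afterwards.
        function(iFrame) {
            iFrame.attributes['src'].value = alertMsg("value");
            iFrame.src = iFrame.src;
        },
        // Text Node Manipulation
        // NOTE(review): under the current DOM Standard an Attr has no child
        // nodes, so firstChild is null there and this line throws; the empty
        // catch in makeOnloadHandler then lets the case pass without having
        // exercised anything. Confirm against the engines this test targets.
        function(iFrame) {
            iFrame.attributes['src'].firstChild.data = alertMsg("nodeValue");
        },
        // Node attribute manipulation functions
        function(iFrame) {
            iFrame.setAttribute("src", alertMsg("setAttribute"));
        },
        function(iFrame) {
            iFrame.setAttributeNS(null, "src", alertMsg("setAttributeNS"));
        },
        function(iFrame) {
            var a = document.createAttribute('src');
            a.value = alertMsg("setAttributeNode");
            iFrame.setAttributeNode(a);
        },
        function(iFrame) {
            var a = document.createAttribute('src');
            a.nodeValue = alertMsg("setAttributeNodeNS");
            iFrame.setAttributeNodeNS(a);
        },
        // NamedNodeMap
        function(iFrame) {
            var a = document.createAttribute('src');
            a.value = alertMsg("setNamedItem()");
            iFrame.attributes.setNamedItem(a);
        },
        function(iFrame) {
            var a = document.createAttribute('src');
            a.value = alertMsg("setNamedItemNS()");
            iFrame.attributes.setNamedItemNS(a);
        }
    ];

    /**
     * Returns the load handler that runs case number idx against tgtFrame.
     * A factory is used so that every handler closes over its own index and
     * frame instead of the loop's shared, function-scoped variables.
     *
     * @param {number} idx - index into aliasTests.
     * @param {HTMLIFrameElement} tgtFrame - frame whose src is attacked.
     * @returns {Function} one-shot onload handler.
     */
    function makeOnloadHandler (idx, tgtFrame) {
        return function() {
            // One-shot: a later load of the same frame must not run the
            // case a second time.
            tgtFrame.onload = null;
            try {
                aliasTests[idx](tgtFrame);
            } catch (e) {
                // Deliberately empty: an engine may reject the write by
                // throwing, and that is a pass. The cost is that a case whose
                // API is missing also ends up here and passes vacuously.
                // Nothing is logged because a console message would
                // presumably show up in the harness's text dump.
            }
        }
    }

    // One victim frame per case, so a failure can be attributed to a single
    // interface.
    for (var i = 0; i < aliasTests.length; i++) {
        // Declared locally; the original assigned to an undeclared name and
        // leaked aFrame onto the global object.
        var aFrame = document.createElement('iframe');
        // NOTE(review): presumably a different origin from the one serving
        // this page, so a payload that ran would be cross-origin script
        // execution in the victim -- confirm against the harness's servers.
        aFrame.src = 'http://localhost:8080/security/resources/innocent-victim.html';
        aFrame.onload = makeOnloadHandler(i, aFrame);
        aFrame.width = 700;
        aFrame.height = 40;
        document.body.appendChild(aFrame);
        document.body.appendChild(document.createElement('br'));
    }
}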
</script>
</head>
<body>
<p>This script tests if iframe.src can be set to a JavaScript URL via alternate
DOM interfaces (such as Node.textContent or NamedNode.setNamedItem).
The test is successful if no alerts appear and the page finishes loading.</p>
</body>
</html>