frame.html (1714B)
<!doctype html>
<html>
<head>
<script>
// Subframe fixture for cross-origin Window/Location tests. It plants
// properties that must stay hidden from cross-origin readers, and on request
// relaxes its own origin through document.domain.

// Assigning document.domain, even to its current value, marks the domain as
// explicitly set, which changes how same origin-domain checks treat this
// document. Only done when the frame is loaded with the "?setdomain" query.
if (location.search == "?setdomain") {
  document.domain = document.domain;
}

// Override the |frames| and |focus| property to test that such overrides are
// properly ignored cross-origin.
window.frames = "override";
window.focus = "override";

// Also add a |then| property to test that it doesn't get exposed.
window.then = "something";
window.location.then = "something-else";

// If we get a postMessage, we grab references to everything and set
// document.domain to trim off our topmost subdomain.
//
// NOTE(review): the handler acts on any message without checking evt.origin,
// and replies with targetOrigin '*'. The reply carries only a PASS/FAIL status
// string (plus the exception text on failure), so nothing sensitive is
// exposed here; a handler that performs privileged work or returns data would
// need an origin allowlist and an explicit targetOrigin.
window.onmessage = function(evt) {
  // Stored on |window| so they remain reachable as globals after the
  // document.domain change below.
  window.windowReferences = [];
  window.locationReferences = [];
  // parent[i] walks the parent's indexed child browsing contexts.
  for (var i = 0; i < parent.length; ++i) {
    windowReferences.push(parent[i]);
    locationReferences.push(parent[i].location);
  }
  try {
    // Drops everything up to and including the first '.'. If the domain has
    // no '.', indexOf returns -1 and the whole string is assigned back.
    document.domain = document.domain.substring(document.domain.indexOf('.') + 1);
    evt.source.postMessage('PASS', '*');
  } catch (e) {
    // The setter throws when the new value is rejected; report the reason to
    // the sender instead of failing silently.
    evt.source.postMessage('FAIL: cannot trim off document.domain: ' + e, '*');
  }
}

/**
 * Checks that the Window and Location objects captured by the onmessage
 * handler are still the same objects the parent exposes by index.
 *
 * Reads the globals windowReferences and locationReferences, so it only works
 * after a message has been received. Nothing in this file calls it;
 * presumably the embedding test page does (confirm against the caller).
 *
 * @returns {boolean} true when every saved reference matches.
 * @throws {Error} naming the first index whose Window or Location differs.
 */
function checkWindowReferences() {
  for (var i = 0; i < parent.length; ++i) {
    if (windowReferences[i] != parent[i])
      throw new Error("Window references don't match for " + i + " after document.domain");
    if (locationReferences[i] != parent[i].location)
      throw new Error("Location references don't match for " + i + " after document.domain");
  }
  return true;
}
</script>
</head>
<body>
  <!-- Two subframes to give us some indexed properties -->
  <iframe></iframe>
  <iframe name=donotleakme></iframe><!-- "donotleakme" is excluded as cross-origin named property due to [[HideFromKeys]] -->
</body>
</html>