window-security.https.html (6963B)
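<!DOCTYPE html>
<meta charset="utf-8">
<title>HTML Test: Window Security</title>
<link rel="author" title="Intel" href="http://www.intel.com/">
<link rel="help" href="https://html.spec.whatwg.org/multipage/multipage/browsers.html#the-window-object">
<link rel="help" href="https://html.spec.whatwg.org/multipage/multipage/timers.html#timers">
<link rel="help" href="https://html.spec.whatwg.org/multipage/multipage/webappapis.html#atob">
<link rel="help" href="https://html.spec.whatwg.org/multipage/#windowsessionstorage">
<link rel="help" href="https://html.spec.whatwg.org/multipage/#windowlocalstorage">
<link rel="help" href="https://html.spec.whatwg.org/multipage/multipage/browsers.html#window">
<link rel="help" href="http://dev.w3.org/csswg/cssom/#extensions-to-the-window-interface">
<link rel="help" href="http://dev.w3.org/csswg/cssom-view/#extensions-to-the-window-interface">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/common/get-host-info.sub.js"></script>
<!--
  Same-origin policy check for the Window object.

  A page from a different origin is loaded into a hidden iframe and every
  listed Window member is read (attributes) or invoked (methods) through
  fr.contentWindow. Members in the first list must throw SecurityError;
  members in the second list must stay reachable across origins.

  Scope: only reads and calls are probed. Cross-origin writes
  (e.g. assigning to a member) are not exercised by this file.
-->
<div id="log"></div>
<script>
var t = async_test("Window Security testing");

// Load handler of the cross-origin iframe: runs both groups of sub-tests.
function fr_load() {
  // Local on purpose: the original assigned an undeclared `fr`, which
  // created an implicit global.
  var fr = document.getElementById("fr");

  // Perform the single cross-origin access described by `item`:
  // a plain property read, or a call with up to two arguments.
  function probe(item) {
    var remote = fr.contentWindow;
    if (item.isMethod) {
      if (item.args) {
        remote[item.name](item.args[0], item.args[1]);
      } else {
        remote[item.name]();
      }
    } else {
      // The read itself is the probe; the value is deliberately unused.
      remote[item.name];
    }
  }

  t.step(function () {
    // SecurityError should be thrown
    [
      // attributes
      {name: "devicePixelRatio"},
      {name: "document"},
      {name: "external"},
      {name: "frameElement"},
      {name: "history"},
      {name: "innerWidth"},
      {name: "innerHeight"},
      {name: "locationbar"},
      {name: "localStorage"},
      {name: "menubar"},
      {name: "name"},
      {name: "navigator"},
      {name: "onabort"},
      {name: "onafterprint"},
      {name: "onbeforeprint"},
      {name: "onbeforeunload"},
      {name: "onblur"},
      {name: "oncancel"},
      {name: "oncanplay"},
      {name: "oncanplaythrough"},
      {name: "onchange"},
      {name: "onclick"},
      {name: "onclose"},
      {name: "oncontextmenu"},
      {name: "oncuechange"},
      {name: "ondblclick"},
      {name: "ondrag"},
      {name: "ondragend"},
      {name: "ondragenter"},
      {name: "ondragleave"},
      {name: "ondragover"},
      {name: "ondragstart"},
      {name: "ondrop"},
      {name: "ondurationchange"},
      {name: "onemptied"},
      {name: "onended"},
      {name: "onerror"},
      {name: "onfocus"},
      {name: "onhashchange"},
      {name: "oninput"},
      {name: "oninvalid"},
      {name: "onkeydown"},
      {name: "onkeypress"},
      {name: "onkeyup"},
      {name: "onload"},
      {name: "onloadeddata"},
      {name: "onloadedmetadata"},
      {name: "onloadstart"},
      {name: "onmessage"},
      {name: "onmousedown"},
      {name: "onmousemove"},
      {name: "onmouseout"},
      {name: "onmouseover"},
      {name: "onmouseup"},
      {name: "onmousewheel"},
      {name: "onoffline"},
      {name: "ononline"},
      {name: "onpause"},
      {name: "onplay"},
      {name: "onplaying"},
      {name: "onpagehide"},
      {name: "onpageshow"},
      {name: "onpopstate"},
      {name: "onprogress"},
      {name: "onratechange"},
      {name: "onreset"},
      {name: "onresize"},
      {name: "onscroll"},
      {name: "onseeked"},
      {name: "onseeking"},
      {name: "onselect"},
      {name: "onstalled"},
      {name: "onstorage"},
      {name: "onsubmit"},
      {name: "onsuspend"},
      {name: "ontimeupdate"},
      {name: "onunload"},
      {name: "onvolumechange"},
      {name: "onwaiting"},
      {name: "pageXOffset"},
      {name: "pageYOffset"},
      {name: "personalbar"},
      {name: "screen"},
      {name: "scrollbars"},
      {name: "statusbar"},
      {name: "status"},
      {name: "screenX"},
      {name: "screenY"},
      {name: "sessionStorage"},
      {name: "toolbar"},
      // methods
      {name: "alert", isMethod: true},
      {name: "clearInterval", isMethod: true, args:[1]},
      // Takes a timer handle like clearInterval; the original listed
      // setTimeout-style arguments here. The expected SecurityError is
      // raised by the member lookup, before any argument is used.
      {name: "clearTimeout", isMethod: true, args:[1]},
      {name: "confirm", isMethod: true},
      {name: "getComputedStyle", isMethod: true, args:[document.body, null]},
      {name: "getSelection", isMethod: true},
      {name: "matchMedia", isMethod: true, args:["(min-width:50px)"]},
      {name: "moveBy", isMethod: true, args:[10, 10]},
      {name: "moveTo", isMethod: true, args:[10, 10]},
      {name: "open", isMethod: true},
      {name: "print", isMethod: true},
      {name: "prompt", isMethod: true},
      {name: "resizeTo", isMethod: true, args:[10, 10]},
      {name: "resizeBy", isMethod: true, args:[10, 10]},
      {name: "scroll", isMethod: true, args:[10, 10]},
      {name: "scrollTo", isMethod: true, args:[10, 10]},
      {name: "scrollBy", isMethod: true, args:[10, 10]},
      {name: "setInterval", isMethod: true, args:[function () {}, 1]},
      {name: "setTimeout", isMethod: true, args:[function () {}, 1]},
      {name: "stop", isMethod: true},
    ].forEach(function (item) {
      test(function () {
        // Existence is checked on this page's own window, so an
        // unsupported member fails here rather than as a policy failure.
        assert_true(item.name in window, "window." + item.name + " should exist.");
        assert_throws_dom("SecurityError", function () {
          probe(item);
        }, "A SecurityError exception should be thrown.");
      }, "A SecurityError exception must be thrown when window." + item.name + " is accessed from a different origin.");
    });

    // SecurityError should not be thrown
    // These are the members this test expects to remain usable on a
    // cross-origin Window.
    [
      // attributes
      {name: "closed"},
      {name: "frames"},
      {name: "length"},
      {name: "location"},
      {name: "opener"},
      {name: "parent"},
      {name: "self"},
      {name: "top"},
      {name: "window"},
      // methods
      {name: "blur", isMethod: true},
      {name: "close", isMethod: true},
      {name: "focus", isMethod: true},
      // "*" is acceptable only because the payload is a dummy; code that
      // posts real data should name the expected target origin.
      {name: "postMessage", isMethod: true, args: [{msg: 'foo'}, "*"]}
    ].forEach(function (item) {
      test(function () {
        assert_true(item.name in window, "window." + item.name + " should exist.");
        try {
          probe(item);
        } catch (e) {
          // Report what was thrown so a regression can be diagnosed from
          // the log; the original discarded the exception.
          assert_unreached("An unexpected exception was thrown: " + String(e));
        }
      }, "A SecurityError exception should not be thrown when window." + item.name + " is accessed from a different origin.");
    });
  });
  t.done();
}

</script>
<script>
// Build the cross-origin iframe once the harness page has loaded.
onload = function() {
  var frame = document.createElement('iframe');
  frame.id = "fr";
  // CSSOM assignment and addEventListener replace the original inline
  // style/onload attributes, so the page keeps working under a CSP that
  // forbids inline styles and inline event handlers.
  frame.style.display = "none";
  frame.setAttribute('src', get_host_info().HTTPS_REMOTE_ORIGIN + "/");
  frame.addEventListener("load", fr_load);
  document.body.appendChild(frame);
}
</script>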