author | patrick@chromium.org <patrick@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-03-09 18:39:03 +0000 |
---|---|---|
committer | patrick@chromium.org <patrick@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-03-09 18:39:03 +0000 |
commit | 30cdf1b498549d19a9b39388831d5ac1a5c93b98 (patch) | |
tree | 7f38b048b6b39bca4473039f5724f4e234a3dd9a /chrome/test/data/dom_checker/dom_config.js | |
parent | 36737bcca80d83c72288c2b854f9caa1671593f9 (diff) | |
Add a copy of DOM checker for testing. DOM checker is a tool to help automate
domain security policy enforcement.
This copy of DOM checker was fetched from:
http://lcamtuf.coredump.cx/dom_checker/
Some values in dom_config.js have been changed. There have been no other
modifications.
In order to automate this test, there will need to be a few more small changes.
To more easily see what changes have been made for Chromium, I'm first checking
in a clean copy.
BUG=6274
Review URL: http://codereview.chromium.org/40234
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@11264 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/test/data/dom_checker/dom_config.js')
-rw-r--r-- | chrome/test/data/dom_checker/dom_config.js | 71 |
1 files changed, 71 insertions, 0 deletions
diff --git a/chrome/test/data/dom_checker/dom_config.js b/chrome/test/data/dom_checker/dom_config.js
new file mode 100644
index 0000000..8785d82
--- /dev/null
+++ b/chrome/test/data/dom_checker/dom_config.js
@@ -0,0 +1,71 @@
+/*
+
+ DOM checker - configuration parameters
+ --------------------------------------
+
+ Please be sure to update these to reflect the realities of the place where
+ you host the program.
+
+ Authors: Michal Zalewski <lcamtuf@google.com>
+ Filipe Almeida <filipe@google.com>
+
+ Copyright 2008 by Google Inc. All Rights Reserved.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+*/
+
+
+/* Host name where you intend to put the script: */
+var main_host = 'localhost';
+
+/* Subdirectory for DOM checker files: */
+var main_dir = 'dom_checker';
+
+/* An alternative way to call the same resource in a manner that
+ appears to the browser as completely unrelated to main_host
+ (try IP address): */
+var alt_host = '127.0.0.1';
+
+/* Subdirectory for DOM checker files: */
+var alt_dir = 'dom_checker';
+
+/* DOM properties or hierarchies we do not want to enumerate and
+ randomly write during primary checks because of their disruptive
+ nature. */
+
+var write_blacklist = {
+ 'location': 1
+};
+
+
+/* DOM properties or hierarchies we do not want to attempt to read,
+ and methods we do not want to call, because they either have no
+ security impact at all, or the ability to read/access does not
+ reliably imply any privileges. 
*/
+
+ var read_blacklist = {
+ 'top' : 2, // Calling frame
+ 'parent' : 3, // Calling frame
+ 'frames' : 4, // Lower level access not implied
+ 'document' : 5, // Lower level access not implied
+ 'self' : 6, // Lower level access not implied
+ 'history' : 7, // Lower level access not implied
+ 'close' : 8, // Access does not imply success
+ 'focus' : 9, // Access does not imply success
+ 'blur' : 10, // Access does not imply success
+ 'closed' : 11, // Not very revealing
+ 'opener' : 12, // Ditto.
+ 'window' : 13, // Ditto.
+ 'open' : 14 // Firefox oddity, but deemed harmless.
+}; |
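Review bot: Nothing in the file marks which values were changed for Chromium, although the commit message says some differ from upstream and the header comment still tells the reader to update them for their own host. A short comment above the changed assignments (presumably `main_host`, `alt_host` and the two directory values), e.g. `/* Chromium: changed from upstream default; keep when re-syncing */`, would keep later updates of this copy reviewable. The pair `'localhost'` / `'127.0.0.1'` is only a useful cross-origin test if both names reach the same test server while the browser treats them as unrelated. That probably holds on the bots, but where `localhost` resolves to `::1` first the main-host side may not load, so the assumption is worth stating next to `alt_host`. It would also help to note near `read_blacklist` that every entry there is excluded from the read checks, so a cross-origin regression on those properties themselves would not be reported by this test.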