blob: bbb5d934d790bc6043cfd9f6fc89049030cc26f8 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
|
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<script>
function log(message)
{
var console = document.getElementById('console');
console.appendChild(document.createTextNode(message));
console.appendChild(document.createElement('br'));
}
function testXHRDenied()
{
log("Checking that same-origin iframes work.");
var f = document.getElementById("f");
f.contentDocument.body.innerHTML = "Successful write into iframe";
log("Doing an XHR to an existing file.");
xhr = new XMLHttpRequest();
try {
xhr.open("GET", "../xmlhttprequest-no-file-access-expected.txt", false);
xhr.send("");
log("Bad: XHR didn't throw exception");
} catch(e) {
log("Exception: " + e.message);
try {
var results = window.top.document.getElementById('results');
log("Bad: DOM access didn't throw exception");
} catch (e) {
log("Exception: " + e.message);
if (window.layoutTestController) {
setTimeout("layoutTestController.notifyDone()", 0);
}
}
}
}
</script>
</head>
<body onload="testXHRDenied()">
<iframe id="f"></iframe>
<p> We're checking we can't read an arbitrary file when we set each file:// URI to have a unique domain. </p>
<div id="console"/>
</body>
</html>
|
