Skip to content
Browse files

support for preventing iframes from reading parent window url

  • Loading branch information...
1 parent 33d0c5d commit 3de29a8dc5a7c6a5ce7ce018624f2b56e08fef37 @parisholley parisholley committed Nov 24, 2012
Showing with 71 additions and 2 deletions.
  1. +1 −0 .gitignore
  2. +11 −1 src/jquery.address.js
  3. +11 −0 test/frame.html
  4. +48 −1 test/test.js
View
1 .gitignore
@@ -0,0 +1 @@
+dist/
View
12 src/jquery.address.js
@@ -61,7 +61,8 @@
},
_window = function() {
try {
- return top.document !== UNDEFINED && top.document.title !== UNDEFINED ? top : window;
+ return top.document !== UNDEFINED && top.document.title !== UNDEFINED && top.jQuery !== UNDEFINED &&
+ top.jQuery.address !== UNDEFINED && top.jQuery.address.frames() !== false ? top : window;
} catch (e) {
return window;
}
@@ -337,6 +338,7 @@
crawlable: FALSE,
history: TRUE,
strict: TRUE,
+ frames: TRUE,
wrap: FALSE
},
_browser = $.browser,
@@ -466,6 +468,14 @@
}
return _opts.state;
},
+ frames: function(value) {
+ if (value !== UNDEFINED) {
+ _opts.frames = value;
+ _t = _window();
+ return this;
+ }
+ return _opts.frames;
+ },
strict: function(value) {
if (value !== UNDEFINED) {
_opts.strict = value;
View
11 test/frame.html
@@ -0,0 +1,11 @@
+<!DOCTYPE html>
+<html>
+ <head>
+ <title>jQuery Address Test Suite</title>
+ <script type="text/javascript" src="jquery-1.8.2.min.js"></script>
+ <script type="text/javascript" src="../src/jquery.address.js"></script>
+ <script type="text/javascript">
+ parent.iframe($.address.parameter('p'));
+ </script>
+ </head>
+</html>
View
49 test/test.js
@@ -61,6 +61,54 @@ asyncTest('Query test', function() {
}, 100);
});
+asyncTest('Frames disabled test', function() {
+ setTimeout(function() {
+ $.address.parameter('p', 2);
+
+ var $iframe = $('<iframe src="frame.html#/?p=1"></iframe>');
+
+ window.iframe = function(val){
+ equals(val, 1);
+
+ delete window.iframe;
+
+ window.history.back();
+
+ start();
+
+ $iframe.remove();
+ }
+
+ $.address.frames(false);
+
+ $iframe.appendTo('body');
+ }, 100);
+});
+
+asyncTest('Frames enabled test', function() {
+ setTimeout(function() {
+ $.address.parameter('p', 3);
+
+ var $iframe = $('<iframe src="frame.html#/?p=1"></iframe>');
+
+ window.iframe = function(val){
+ equals(val, 3);
+
+ delete window.iframe;
+
+ window.history.back();
+
+ start();
+
+ $iframe.remove();
+ }
+
+ $.address.frames(true);
+
+ $iframe.appendTo('body');
+ }, 100);
+});
+
asyncTest('Parameter test', function() {
setTimeout(function() {
$.address.parameter('a', null);
@@ -414,7 +462,6 @@ asyncTest('ensure code in hash is not executed (see commit a9f95e5885a9e)', func
})
-
setTimeout(function() {
$.address.value('/');
}, 30000);

0 comments on commit 3de29a8

Please sign in to comment.
Something went wrong with that request. Please try again.