-
Notifications
You must be signed in to change notification settings - Fork 3k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
tests for overwriting win.opener and accessing it x-domain
- Loading branch information
Hallvord R. M. Steen
committed
May 21, 2014
1 parent
4feef03
commit b118738
Showing
2 changed files
with
175 additions
and
0 deletions.
There are no files selected for viewing
118 changes: 118 additions & 0 deletions
118
html/browsers/the-window-object/security-window/overwriting-window-opener.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,118 @@ | ||
<!DOCTYPE html> | ||
<html><head> | ||
<title>Tests for overwritten window.opener</title> | ||
<script src="/resources/testharness.js"></script> | ||
<script src="/resources/testharnessreport.js"></script> | ||
</head> | ||
<body> | ||
<div id="log"></div> | ||
<script type="text/javascript"> | ||
/* | ||
This test intends to test the following: | ||
* What values can window.opener be set to? | ||
{}, null, window, "", 5, undefined | ||
* Is there a difference if it's set with and without var keyword? | ||
* In which cases can window.opener be read cross-domain? | ||
A new popup window is opened for each subtest. | ||
*/ | ||
|
||
var expectations = { /* as we see, there's a nice consistency here.. */ | ||
"object with var": { | ||
"setting_succeeds": true, | ||
"setting_throws": false, | ||
"reading_throws": true | ||
}, | ||
"object without var": { | ||
"setting_succeeds": true, | ||
"setting_throws": false, | ||
"reading_throws": true | ||
}, | ||
"window with var": { | ||
"setting_succeeds": true, | ||
"setting_throws": false, | ||
"reading_throws": true | ||
}, | ||
"window without var": { | ||
"setting_succeeds": true, | ||
"setting_throws": false, | ||
"reading_throws": true | ||
}, | ||
"null with var": { | ||
"setting_succeeds": true, | ||
"setting_throws": false, | ||
"reading_throws": true | ||
}, | ||
"null without var": { | ||
"setting_succeeds": true, | ||
"setting_throws": false, | ||
"reading_throws": true | ||
}, | ||
"undefined with var": { | ||
"setting_succeeds": true, | ||
"setting_throws": false, | ||
"reading_throws": true | ||
}, | ||
"undefined without var": { | ||
"setting_succeeds": true, | ||
"setting_throws": false, | ||
"reading_throws": true | ||
}, | ||
"empty string with var": { | ||
"setting_succeeds": true, | ||
"setting_throws": false, | ||
"reading_throws": true | ||
}, | ||
"empty string without var": { | ||
"setting_succeeds": true, | ||
"setting_throws": false, | ||
"reading_throws": true | ||
}, | ||
"number with var": { | ||
"setting_succeeds": true, | ||
"setting_throws": false, | ||
"reading_throws": true | ||
}, | ||
"number without var": { | ||
"setting_succeeds": true, | ||
"setting_throws": false, | ||
"reading_throws": true | ||
} | ||
} | ||
|
||
|
||
var test = async_test("overwriting window.opener", {timeout:8000}); | ||
var idx = 0, win; | ||
var testURL = location.pathname.replace('overwriting-window-opener.html', 'support/window-opener-popup.html'); | ||
testURL = location.protocol + '//' + 'www1.' + location.host + testURL + '?'; | ||
|
||
window.addEventListener('message', test.step_func(function (e) { | ||
if(e.data === 'DONE'){ | ||
win.close(); | ||
test.done(); | ||
return; | ||
} | ||
var data = JSON.parse(e.data); | ||
var reading_throws = false, opener_is_this_window = false; | ||
try{ | ||
var the_opener = win.opener; | ||
opener_is_this_window = the_opener === self; | ||
}catch(err){ | ||
reading_throws = true; | ||
} | ||
win.close(); | ||
assert_equals(data.setting_throws, expectations[data.name].setting_throws, 'opener set to '+data.name+' - setting throws?'); | ||
assert_equals(data.setting_succeeds, expectations[data.name].setting_succeeds, 'opener set to '+data.name+' - setting succeeds?'); | ||
assert_equals(reading_throws, expectations[data.name].reading_throws, 'opener set to '+ data.name+' - reading throws? '); | ||
assert_false(opener_is_this_window, 'Opener no longer refers to this window when it\'s been set'); | ||
win = window.open(testURL + (parseInt(data.idx)+1)); | ||
}), false); | ||
|
||
win = window.open(testURL + '0'); | ||
|
||
|
||
</script> | ||
<p>Note: popups must be enabled for this test.</p> | ||
</body></html> |
57 changes: 57 additions & 0 deletions
57
html/browsers/the-window-object/security-window/support/window-opener-popup.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,57 @@ | ||
<!DOCTYPE html> | ||
<html><head> | ||
<title>Tests for overwritten window.opener (popup - helper window)</title> | ||
</head> | ||
<body> | ||
<p>window.opener test helper window</p> | ||
|
||
<script type="text/javascript"> | ||
var _opener = window.opener; | ||
/* | ||
Page is opened with query string ?0 then with ?1 etc to make sure the tests do not interfere with each other. | ||
*/ | ||
var someObj = {}; | ||
var tests = [ | ||
{value: someObj, value_str: 'someObj', useVar:true, name:"object with var"}, | ||
{value: someObj, value_str: 'someObj', useVar:false, name:"object without var"}, | ||
{value: window, value_str: 'window', useVar:true, name:"window with var"}, | ||
{value: window, value_str: 'window', useVar:false, name:"window without var"}, | ||
{value: null, value_str: 'null', useVar:true, name:"null with var"}, | ||
{value: null, value_str: 'null', useVar:false, name:"null without var"}, | ||
{value: undefined, value_str: 'undefined', useVar:true, name:"undefined with var"}, | ||
{value: undefined, value_str: 'undefined', useVar:false, name:"undefined without var"}, | ||
{value: '', value_str: '""', useVar:true, name:"empty string with var"}, | ||
{value: '', value_str: '""', useVar:false, name:"empty string without var"}, | ||
{value: 5, value_str: '5', useVar:true, name:"number with var"}, | ||
{value: 5, value_str: '5', useVar:false, name:"number without var"} | ||
]; | ||
|
||
var testidx = location.search.substr(1); | ||
|
||
if(tests[testidx]){ | ||
document.getElementsByTagName('p')[0].firstChild.data+=' - test '+testidx+', '+tests[testidx].name; | ||
var setting_throws = 'not tested', setting_succeeds = 'not tested', unexpected_err = false, code = 'try{'; | ||
try{ | ||
if(tests[testidx].useVar){ | ||
code +='var '; | ||
} | ||
code += 'opener = ' + tests[testidx].value_str; | ||
code += ';\nsetting_throws = false;}catch(e){setting_throws = true;}'; | ||
code += '\nsetting_succeeds = opener === '+ tests[testidx].value_str | ||
console.log(code); | ||
document.open(); | ||
document.write('<script>'+code+'<\/script>'); | ||
document.close(); | ||
//setting_succeeds = window.opener === tests[testidx].value; | ||
}catch(e){ | ||
unexpected_err = true; | ||
} | ||
_opener.postMessage(JSON.stringify({idx:testidx, setting_throws:setting_throws, setting_succeeds: setting_succeeds, unexpected_err: unexpected_err, name: tests[testidx].name}), '*'); | ||
}else{ | ||
_opener.postMessage('DONE', '*'); | ||
} | ||
// if opener is set to null, the opening window is not allowed to close the popup in Chrome.. | ||
setTimeout(function(){self.close()}, 20); | ||
</script> | ||
|
||
</body></html> |