| <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" |
| "http://www.w3.org/TR/html4/loose.dtd"> |
| <html> |
| <head> |
| <script> |
| function logFailure(message) { |
| window.top.postMessage(message, "*"); |
| } |
| function done() { |
| window.top.postMessage("DONE", "*"); |
| } |
| function testXHRDenied() |
| { |
| var f = document.getElementById("f"); |
| // Check that access to an empty iframe allowed. |
| f.contentDocument.body.innerHTML = "Successful write into iframe"; |
| xhr = new XMLHttpRequest(); |
| |
| xhr.open("GET", "../xmlhttprequest-no-file-access-expected.txt"); |
| xhr.onload = () => { |
| logFailure("Bad: XHR didn't throw exception"); |
| done(); |
| }; |
| xhr.onerror = (e) => { |
| try { |
| window.top.document.body; |
| logFailure("Bad: DOM access didn't throw exception"); |
| } finally { |
| done(); |
| } |
| }; |
| xhr.send(""); |
| } |
| </script> |
| </head> |
| <body onload="testXHRDenied()"> |
| <iframe id="f"></iframe> |
| </body> |
| </html> |
