<!DOCTYPE html>
<html>
<head>
<script src="/js-test-resources/js-test.js"></script>
</head>
<body>
<iframe src="http://localhost:8080/security/resources/innocent-victim.html"></iframe>
<script>
// Async test: completion is signalled by the finishJSTest() call at the end
// of the load handler, once the frame's window can be probed.
window.jsTestIsAsync = true;
description("Certain window properties are readable cross-origin, but ought not be writable.");

// Kept as a top-level `var` because the statement strings passed to
// shouldThrow() refer to it by name (presumably the harness evaluates them
// outside this handler's scope; confirm against js-test.js).
var iWindow;

/**
 * Load handler: attempts to overwrite members of the framed window and
 * expects each assignment to throw.
 *
 * The iframe is loaded from http://localhost:8080, while the expected error
 * text names http://127.0.0.1:8000 as the accessing origin, so the frame is
 * cross-origin to this page as long as the page is served from that origin.
 */
window.onload = function () {
    iWindow = document.querySelector('iframe').contentWindow;

    // Passed to the harness as source text, hence the nested quoting.
    var expectedError = '"SecurityError: Blocked a frame with origin \\"http://127.0.0.1:8000\\" from accessing a cross-origin frame."';

    // 'DoNotCheckSecurity' methods: replacing one of them from this page
    // must be rejected with the SecurityError above.
    var uncheckedMethods = [
        'focus',
        'blur',
        'close',
        'postMessage',
        'toString'
    ];
    uncheckedMethods.forEach(function (methodName) {
        shouldThrow('iWindow.' + methodName + ' = function () {};', expectedError);
    });

    // 'Replaceable' properties (not an exhaustive list).
    var replaceableProps = [
        'clientInformation',
        'devicePixelRatio',
        'event',
        'frames',
        'history',
        'innerHeight',
        'innerWidth',
        'length',
        'locationbar',
        'menubar',
        'navigator',
        'offscreenBuffering',
        'opener',
        'outerHeight',
        'outerWidth',
        'parent',
        'personalbar',
        'screen',
        'screenLeft',
        'screenTop',
        'screenX',
        'screenY',
        'scrollX',
        'scrollY',
        'scrollbars',
        'self',
        'statusbar',
        'toolbar'
    ];
    // NOTE(review): no expected exception is passed here, so this loop
    // presumably passes on any thrown exception, not only the cross-origin
    // SecurityError checked in the loop above. Confirm that is intended.
    replaceableProps.forEach(function (propName) {
        shouldThrow('iWindow.' + propName + ' = 1;');
    });

    finishJSTest();
};
</script>
</body>
</html>