chromium/src/third_party/blink/web_tests/http/tests/security/dataURL/xss-DENIED-from-data-url-sub-frame-2-level.html - manifest_repos/chromium_src - Git at Google

 <html>
 <head>
     <script>
         if (window.testRunner) {
             testRunner.dumpAsText();
             testRunner.dumpChildFrames();
             testRunner.waitUntilDone();
         }
         function loaded() {
             var innerURL = "data:text/html,<html>"
                 + "<head>"
                 +     "<scr" + "ipt>"
                 +         "function test() {"
                 +             "try {"
                 +                 "top.document.getElementById(\"accessMe\").innerHTML = \"FAIL: Cross frame access from a data: URL inside another data: URL was allowed.\";"
                 +             "} catch (e) {"
                 +             "}"
                 +             "if (window.testRunner)"
                 +                 "testRunner.notifyDone();"
                 +         "}"
                 +     "</scr" + "ipt>"
                 + "</head>"
                 + "<body onload=\"test();\">"
                 +     "<p>Inner-inner iframe.</p>"
                 + "</body>"
                 + '</html>';

             var url = "data:text/html,<html>"
                 + "<body>"
                 +     "<p>Inner iframe.</p>"
                 +     "<iframe src='" + innerURL + "'></iframe>"
                 + "</body>"
                 + "</html>";

             var iframe = document.getElementById("aFrame");
             iframe.src = url;
         }
     </script>
 </head>
 <body onload="loaded();">
     <p>This tests that a data: URL loaded in an iframe inside another data: URL loaded iframe doesn't have access to the main frame.</p>
     <iframe id="aFrame" name="aFrame" style="width: 500px; height: 300px;"></iframe>
     <p id='accessMe'>PASS: Cross frame access from a data: URL inside another data: URL was denied.</p>
 </body>
 </html>
	<html>
	<head>
	<script>
	if (window.testRunner) {
	testRunner.dumpAsText();
	testRunner.dumpChildFrames();
	testRunner.waitUntilDone();
	}
	function loaded() {
	var innerURL = "data:text/html,<html>"
	+ "<head>"
	+ "<scr" + "ipt>"
	+ "function test() {"
	+ "try {"
	+ "top.document.getElementById(\"accessMe\").innerHTML = \"FAIL: Cross frame access from a data: URL inside another data: URL was allowed.\";"
	+ "} catch (e) {"
	+ "}"
	+ "if (window.testRunner)"
	+ "testRunner.notifyDone();"
	+ "}"
	+ "</scr" + "ipt>"
	+ "</head>"
	+ "<body onload=\"test();\">"
	+ "<p>Inner-inner iframe.</p>"
	+ "</body>"
	+ '</html>';

	var url = "data:text/html,<html>"
	+ "<body>"
	+ "<p>Inner iframe.</p>"
	+ "<iframe src='" + innerURL + "'></iframe>"
	+ "</body>"
	+ "</html>";

	var iframe = document.getElementById("aFrame");
	iframe.src = url;
	}
	</script>
	</head>
	<body onload="loaded();">
	<p>This tests that a data: URL loaded in an iframe inside another data: URL loaded iframe doesn't have access to the main frame.</p>
	<iframe id="aFrame" name="aFrame" style="width: 500px; height: 300px;"></iframe>
	<p id='accessMe'>PASS: Cross frame access from a data: URL inside another data: URL was denied.</p>
	</body>
	</html>