Changeset 33353

Timestamp:

05/12/08 23:05:45 (6 months ago)

Author:

mrowe@apple.com

Message:

o2008-05-07 Geoffrey Garen <ggaren@apple.com>

Reviewed by Oliver Hunt.

Added this test to demonstrate that, for "f(x)", it is correct to evaluate
"x" even if "f" is not a function, and therefore "f(x)" will throw an exception.

• fast/js/function-argument-evaluation-before-exception-expected.txt: Added.
• fast/js/function-argument-evaluation-before-exception.html: Added.

These tests now have an extra "access denied" message in them, because
of the behavior change mentioned above.

I also added try/catch clauses to eliminate the "is not object"
exception messages from the test output.

• http/tests/security/listener/resources/targetChild-JSTargetNode-onclick-addEventListener.html:
• http/tests/security/listener/resources/targetChild-JSTargetNode-onclick-shortcut.html:
• http/tests/security/listener/resources/targetChild-XMLHttpRequest-addEventListener.html:
• http/tests/security/listener/resources/targetChild-XMLHttpRequest-shortcut.html:
• http/tests/security/listener/resources/targetChild-window-onclick-addEventListener.html:
• http/tests/security/listener/resources/targetChild-window-onclick-shortcut.html:
• http/tests/security/listener/xss-JSTargetNode-onclick-addEventListener-expected.txt:
• http/tests/security/listener/xss-JSTargetNode-onclick-shortcut-expected.txt:
• http/tests/security/listener/xss-XMLHttpRequest-addEventListener-expected.txt:
• http/tests/security/listener/xss-XMLHttpRequest-shortcut-expected.txt:
• http/tests/security/listener/xss-window-onclick-addEventListener-expected.txt:
• http/tests/security/listener/xss-window-onclick-shortcut-expected.txt:

Location:

branches/squirrelfish/LayoutTests

Files:

• ChangeLog (modified) (1 diff)
• fast/js/function-argument-evaluation-before-exception-expected.txt (added)
• fast/js/function-argument-evaluation-before-exception.html (added)
• http/tests/security/listener/resources/targetChild-JSTargetNode-onclick-addEventListener.html (modified) (1 diff)
• http/tests/security/listener/resources/targetChild-JSTargetNode-onclick-shortcut.html (modified) (1 diff)
• http/tests/security/listener/resources/targetChild-XMLHttpRequest-addEventListener.html (modified) (1 diff)
• http/tests/security/listener/resources/targetChild-XMLHttpRequest-shortcut.html (modified) (1 diff)
• http/tests/security/listener/resources/targetChild-window-onclick-addEventListener.html (modified) (1 diff)
• http/tests/security/listener/resources/targetChild-window-onclick-shortcut.html (modified) (1 diff)
• http/tests/security/listener/xss-JSTargetNode-onclick-addEventListener-expected.txt (modified) (1 diff)
• http/tests/security/listener/xss-JSTargetNode-onclick-shortcut-expected.txt (modified) (1 diff)
• http/tests/security/listener/xss-XMLHttpRequest-addEventListener-expected.txt (modified) (1 diff)
• http/tests/security/listener/xss-XMLHttpRequest-shortcut-expected.txt (modified) (1 diff)
• http/tests/security/listener/xss-window-onclick-addEventListener-expected.txt (modified) (1 diff)
• http/tests/security/listener/xss-window-onclick-shortcut-expected.txt (modified) (1 diff)

branches/squirrelfish/LayoutTests/ChangeLog

@@ +1 @@
+o2008-05-07  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Added this test to demonstrate that, for "f(x)", it is correct to evaluate
+        "x" even if "f" is not a function, and therefore "f(x)" will throw an exception.
+
+        * fast/js/function-argument-evaluation-before-exception-expected.txt: Added.
+        * fast/js/function-argument-evaluation-before-exception.html: Added.
+        
+        These tests now have an extra "access denied" message in them, because
+        of the behavior change mentioned above.
+        
+        I also added try/catch clauses to eliminate the "is not object"
+        exception messages from the test output.
+        
+        * http/tests/security/listener/resources/targetChild-JSTargetNode-onclick-addEventListener.html:
+        * http/tests/security/listener/resources/targetChild-JSTargetNode-onclick-shortcut.html:
+        * http/tests/security/listener/resources/targetChild-XMLHttpRequest-addEventListener.html:
+        * http/tests/security/listener/resources/targetChild-XMLHttpRequest-shortcut.html:
+        * http/tests/security/listener/resources/targetChild-window-onclick-addEventListener.html:
+        * http/tests/security/listener/resources/targetChild-window-onclick-shortcut.html:
+        * http/tests/security/listener/xss-JSTargetNode-onclick-addEventListener-expected.txt:
+        * http/tests/security/listener/xss-JSTargetNode-onclick-shortcut-expected.txt:
+        * http/tests/security/listener/xss-XMLHttpRequest-addEventListener-expected.txt:
+        * http/tests/security/listener/xss-XMLHttpRequest-shortcut-expected.txt:
+        * http/tests/security/listener/xss-window-onclick-addEventListener-expected.txt:
+        * http/tests/security/listener/xss-window-onclick-shortcut-expected.txt:
+
 2008-05-07  Geoffrey Garen  <ggaren@apple.com>
 

branches/squirrelfish/LayoutTests/http/tests/security/listener/resources/targetChild-JSTargetNode-onclick-addEventListener.html

@@ -4 +4 @@
     <script>
         window.parent.frames[1].document.getElementById('button').addEventListener("click", function() {
-            alert("document.domain: " + window.document.domain);
+            try {
+                alert("document.domain: " + window.document.domain);
+            } catch(e) {
+            }
         }, false);
 

branches/squirrelfish/LayoutTests/http/tests/security/listener/resources/targetChild-JSTargetNode-onclick-shortcut.html

@@ -4 +4 @@
     <script>
         window.parent.frames[1].document.getElementById('button').onclick = function() {
-            alert("document.domain: " + window.document.domain);
+            try {
+                alert("document.domain: " + window.document.domain);
+            } catch(e) {
+            }
         }
 

branches/squirrelfish/LayoutTests/http/tests/security/listener/resources/targetChild-XMLHttpRequest-addEventListener.html

@@ -4 +4 @@
     <script>
         window.parent.frames[1].XHR.addEventListener("load", function() {
-            alert("document.domain: " + window.document.domain);
+            try {
+                alert("document.domain: " + window.document.domain);
+            } catch(e) {
+            }
         }, false);
 

branches/squirrelfish/LayoutTests/http/tests/security/listener/resources/targetChild-XMLHttpRequest-shortcut.html

@@ -4 +4 @@
     <script>
         window.parent.frames[1].XHR.onreadystatechange = function() {
-            alert("document.domain: " + window.document.domain);
+            try {
+                alert("document.domain: " + window.document.domain);
+            } catch(e) {
+            }
         }
 

branches/squirrelfish/LayoutTests/http/tests/security/listener/resources/targetChild-window-onclick-addEventListener.html

@@ -4 +4 @@
     <script>
         window.parent.frames[1].addEventListener("click", function() {
-            alert("document.domain: " + window.document.domain);
+            try {
+                alert("document.domain: " + window.document.domain);
+            } catch(e) {
+            }
         }, false);
 

branches/squirrelfish/LayoutTests/http/tests/security/listener/resources/targetChild-window-onclick-shortcut.html

@@ -4 +4 @@
     <script>
         window.parent.frames[1].onclick = function() {
-            alert("document.domain: " + window.document.domain);
+            try {
+                alert("document.domain: " + window.document.domain);
+            } catch(e) {
+            }
         }
 

branches/squirrelfish/LayoutTests/http/tests/security/listener/xss-JSTargetNode-onclick-addEventListener-expected.txt

@@ -1 +1 @@
 CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/listener/resources/targetChild-JSTargetNode-onclick-addEventListener.html. Domains, protocols and ports must match.
 
-CONSOLE MESSAGE: line 6: Value undefined (result of expression alert) is not object.
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/listener/resources/childWithButton.html. Domains, protocols and ports must match.
+
 This tests that frame used when setting eventListeners on an EventTarget using addEventListener is the target nodes frame. (rdar://problem/5426142). This test passes if you don't see an alert dialog with the domain of "localhost" in it and an "Unsafe JavaScript" warning is logged to the console.
 

branches/squirrelfish/LayoutTests/http/tests/security/listener/xss-JSTargetNode-onclick-shortcut-expected.txt

@@ -1 +1 @@
 CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/listener/resources/targetChild-JSTargetNode-onclick-shortcut.html. Domains, protocols and ports must match.
 
-CONSOLE MESSAGE: line 6: Value undefined (result of expression alert) is not object.
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/listener/resources/childWithButton.html. Domains, protocols and ports must match.
+
 This tests that frame used when setting eventListeners on an EventTarget with the shortcut (onclick, etc), is the target nodes frame. (rdar://problem/5426142). This test passes if you don't see an alert dialog with the domain of "localhost" in it and an "Unsafe JavaScript" warning is logged to the console.
 

branches/squirrelfish/LayoutTests/http/tests/security/listener/xss-XMLHttpRequest-addEventListener-expected.txt

@@ -1 +1 @@
 CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/listener/resources/targetChild-XMLHttpRequest-addEventListener.html. Domains, protocols and ports must match.
 
-CONSOLE MESSAGE: line 6: Value undefined (result of expression alert) is not object.
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/listener/resources/childWithXMLHttpRequest.html. Domains, protocols and ports must match.
+
 This tests that frame used when setting eventListeners on an XMLHttpRequest using addEventListener, is the requests frame. (rdar://problem/5426142). This test passes if you don't see an alert dialog with the domain of "localhost" in it and an "Unsafe JavaScript" warning is logged to the console.
 

branches/squirrelfish/LayoutTests/http/tests/security/listener/xss-XMLHttpRequest-shortcut-expected.txt

@@ -1 +1 @@
 CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/listener/resources/targetChild-XMLHttpRequest-shortcut.html. Domains, protocols and ports must match.
 
-CONSOLE MESSAGE: line 6: Value undefined (result of expression alert) is not object.
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/listener/resources/childWithXMLHttpRequest.html. Domains, protocols and ports must match.
+
 This tests that frame used when setting eventListeners on an XMLHttpRequest with the shortcut (onreadystatechange), is the requests frame. (rdar://problem/5426142). This test passes if you don't see an alert dialog with the domain of "localhost" in it and an "Unsafe JavaScript" warning is logged to the console.
 

branches/squirrelfish/LayoutTests/http/tests/security/listener/xss-window-onclick-addEventListener-expected.txt

@@ -1 +1 @@
 CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/listener/resources/targetChild-window-onclick-addEventListener.html. Domains, protocols and ports must match.
 
-CONSOLE MESSAGE: line 6: Value undefined (result of expression alert) is not object.
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/listener/resources/childWindow.html. Domains, protocols and ports must match.
+
 This tests that frame used when setting eventListeners on the window using addEventListener is the window's frame. (rdar://problem/5426142). This test passes if you don't see an alert dialog with the domain of "localhost" in it and an "Unsafe JavaScript" warning is logged to the console.
 

branches/squirrelfish/LayoutTests/http/tests/security/listener/xss-window-onclick-shortcut-expected.txt

@@ -1 +1 @@
 CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/listener/resources/targetChild-window-onclick-shortcut.html. Domains, protocols and ports must match.
 
-CONSOLE MESSAGE: line 6: Value undefined (result of expression alert) is not object.
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/listener/resources/childWindow.html. Domains, protocols and ports must match.
+
 This tests that frame used when setting eventListeners on the window with the shortcut (onclick, etc), is the window's frame. (rdar://problem/5426142). This test passes if you don't see an alert dialog with the domain of "localhost" in it and an "Unsafe JavaScript" warning is logged to the console.