2019-05-24 18:31:11 +02:00
|
|
|
<!DOCTYPE html>
|
|
|
|
|
|
|
|
<html>
|
|
|
|
<head>
|
|
|
|
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
|
|
|
|
<title>iFrame Test</title>
|
|
|
|
<link href="testIcon.svg" type="image/png" rel="icon">
|
|
|
|
<link href="testIcon.svg" type="image/png" rel="shortcut icon">
|
|
|
|
</head>
|
|
|
|
<body>
|
|
|
|
<script src="iframeTest.js"></script>
|
|
|
|
<iframe></iframe><script>
|
|
|
|
const iframe = window[0];
|
2019-05-25 12:35:09 +02:00
|
|
|
log("TEST:", "iframe in html:", compare(test(iframe), reference));
|
2019-05-24 18:31:11 +02:00
|
|
|
iframe.addEventListener("load", function(){
|
2019-11-30 02:05:37 +01:00
|
|
|
"use strict";
|
|
|
|
|
2019-05-25 12:35:09 +02:00
|
|
|
log("TEST:", "iframe after loading:", compare(test(iframe), reference));
|
2019-05-24 18:31:11 +02:00
|
|
|
});
|
2019-11-30 02:05:37 +01:00
|
|
|
document.write(
|
|
|
|
"<iframe></iframe>" +
|
|
|
|
"<script>log(\"TEST:\", \"iframe and script in document.write:\", compare(test(window[1]), reference));<\/script>"
|
|
|
|
);
|
2019-05-25 12:35:09 +02:00
|
|
|
log("TEST:", "iframe in document.write:", compare(test(window[1]), reference));
|
2019-05-24 18:31:11 +02:00
|
|
|
document.write("<iframe></iframe>");
|
2019-11-30 02:05:37 +01:00
|
|
|
document.write(
|
|
|
|
"<script>" +
|
|
|
|
"log(\"TEST:\", \"iframe and script in separate document.write:\", compare(test(window[2]), reference));" +
|
|
|
|
"<\/script>");
|
|
|
|
|
|
|
|
(
|
|
|
|
"<iframe></iframe>" +
|
|
|
|
"<script>" +
|
|
|
|
"log(\"TEST:\", \"iframe and script in fragmented document.write:\", compare(test(window[3]), reference));" +
|
|
|
|
"<\/script>"
|
|
|
|
).split(/(?=<)/).forEach(function(part){
|
|
|
|
"use strict";
|
|
|
|
|
2019-05-24 18:31:11 +02:00
|
|
|
document.write(part);
|
|
|
|
});
|
2019-11-30 02:05:37 +01:00
|
|
|
document.writeln(
|
|
|
|
"<iframe></iframe>" +
|
|
|
|
"<script>log(\"TEST:\", \"iframe and script in document.writeln:\", compare(test(window[4]), reference));<\/script>"
|
|
|
|
);
|
|
|
|
document.write(
|
|
|
|
"<script src=\"iframeTest.js\"><\/script>" +
|
|
|
|
"<iframe></iframe>" +
|
|
|
|
"<script>" +
|
|
|
|
"log(" +
|
|
|
|
"\"TEST:\", " +
|
|
|
|
"\"script with src, iframe and script in document.write:\", " +
|
|
|
|
"compare(test(window[5]), reference)" +
|
|
|
|
");" +
|
|
|
|
"<\/script>"
|
|
|
|
);
|
2019-05-29 14:22:52 +02:00
|
|
|
|
|
|
|
"<ifr|ame></ifr|ame>".split("|").forEach(function(part){
|
2019-11-30 02:05:37 +01:00
|
|
|
"use strict";
|
|
|
|
|
2019-05-29 14:22:52 +02:00
|
|
|
document.write(part);
|
|
|
|
});
|
|
|
|
document.write("<script>log(\"TEST:\", \"ifr|ame split:\", compare(test(window[6]), reference));<\/script>");
|
2019-05-24 18:31:11 +02:00
|
|
|
window.addEventListener("load", function(){
|
2019-11-30 02:05:37 +01:00
|
|
|
"use strict";
|
|
|
|
|
2019-05-24 18:31:11 +02:00
|
|
|
// document.open();
|
2019-05-29 14:22:52 +02:00
|
|
|
"<ifr|ame></ifr|ame>".split("|").forEach(function(part){
|
|
|
|
document.write(part);
|
|
|
|
});
|
2019-11-30 02:05:37 +01:00
|
|
|
document.write(
|
|
|
|
"<script>" +
|
|
|
|
"log(\"TEST:\", \"reopened document: ifr|ame split:\", compare(test(window[0]), reference));" +
|
|
|
|
"<\/script>");
|
|
|
|
document.write(
|
|
|
|
"<script src=\"iframeTest.js\"><\/script>" +
|
|
|
|
"<iframe></iframe>" +
|
|
|
|
"<script>" +
|
|
|
|
"log(" +
|
|
|
|
"\"TEST:\", " +
|
|
|
|
"\"reopened document: script with src, iframe and script in document.write:\", " +
|
|
|
|
"compare(test(window[1]), reference, true)" +
|
|
|
|
");" +
|
|
|
|
"<\/script>"
|
|
|
|
);
|
2019-05-24 18:31:11 +02:00
|
|
|
// document.close();
|
|
|
|
});
|
|
|
|
window.setTimeout(function(){
|
2019-11-30 02:05:37 +01:00
|
|
|
"use strict";
|
|
|
|
|
2019-05-24 18:31:11 +02:00
|
|
|
document.body.innerHTML = "<iframe></iframe>";
|
2019-12-12 00:09:53 +01:00
|
|
|
log("TEST:", "innerHTML after 1000ms:", compare(test(window[0]), reference));
|
|
|
|
|
|
|
|
var iFrame = document.createElement("iframe");
|
|
|
|
document.body.appendChild(iFrame);
|
|
|
|
log("TEST:", "appendChild after 1000ms:", compare(test(window[1]), reference));
|
|
|
|
|
|
|
|
var iFrame2 = document.createElement("iframe");
|
|
|
|
iFrame.replaceWith(iFrame2);
|
|
|
|
log("TEST:", "replaceWith after 1000ms:", compare(test(window[1]), reference));
|
|
|
|
|
2019-11-30 02:05:37 +01:00
|
|
|
document.body.innerHTML = "<h1>Iframe protection</h1>" +
|
|
|
|
"Open console (Ctrl + Shift + K) to see results. " +
|
|
|
|
"Depending on your Browser version you might have to check the \"Persist Logs\" flag and reload the page.<br>" +
|
|
|
|
"<h2>Expected result</h2>" +
|
|
|
|
"<ul>" +
|
|
|
|
"<li>the displayed hashes should not be your native hash (run test with CB disabled to get it)</li>" +
|
|
|
|
"<li>all the displayed hashes should be the same (exception if there is a change to a wyciwyg page)</li>" +
|
|
|
|
"<li>all lines with \"TEST:\" should have a \"match\" at the end</li>" +
|
|
|
|
"</ul>";
|
2019-09-04 00:30:20 +02:00
|
|
|
var title = document.createElement("title");
|
|
|
|
title.textContent = "iFrame test";
|
|
|
|
document.getElementsByTagName("head")[0].appendChild(title);
|
2019-05-24 18:31:11 +02:00
|
|
|
}, 1000);
|
|
|
|
</script>
|
|
|
|
</body>
|
|
|
|
</html>
|