2019-05-24 18:31:11 +02:00
|
|
|
<!DOCTYPE html>
|
|
|
|
|
|
|
|
<html>
|
|
|
|
<head>
|
|
|
|
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
|
|
|
|
<title>iFrame Test</title>
|
|
|
|
<link href="testIcon.svg" type="image/png" rel="icon">
|
|
|
|
<link href="testIcon.svg" type="image/png" rel="shortcut icon">
|
|
|
|
</head>
|
|
|
|
<body>
|
2020-06-19 00:06:56 +02:00
|
|
|
<div id="text">
|
|
|
|
<h1>Iframe protection</h1>
|
|
|
|
Open console (Ctrl + Shift + K) to see results.
|
|
|
|
Depending on your Browser version you might have to check the "Persist Logs" flag and reload the page.<br>
|
|
|
|
<h2>Expected result</h2>
|
|
|
|
<ul>
|
|
|
|
<li>the displayed hashes should not be your native hash (run test with CB disabled to get it)</li>
|
|
|
|
<li>all the displayed hashes should be the same (exception if there is a change to a wyciwyg page)</li>
|
|
|
|
<li>all lines with "TEST:" should have a "match" at the end</li>
|
|
|
|
</ul>
|
|
|
|
</div>
|
2019-05-24 18:31:11 +02:00
|
|
|
<script src="iframeTest.js"></script>
|
|
|
|
<iframe></iframe><script>
|
2020-06-19 00:06:56 +02:00
|
|
|
const pageText = document.getElementById("text").innerHTML;
|
|
|
|
const pageTitle = document.querySelector("head title").textContent;
|
|
|
|
function restoreContent(){
|
|
|
|
"use strict";
|
|
|
|
|
|
|
|
document.body.innerHTML = pageText;
|
|
|
|
const title = document.createElement("title");
|
|
|
|
title.textContent = pageTitle;
|
|
|
|
document.getElementsByTagName("head")[0].appendChild(title);
|
|
|
|
}
|
|
|
|
|
2019-05-24 18:31:11 +02:00
|
|
|
const iframe = window[0];
|
2019-05-25 12:35:09 +02:00
|
|
|
log("TEST:", "iframe in html:", compare(test(iframe), reference));
|
2019-05-24 18:31:11 +02:00
|
|
|
iframe.addEventListener("load", function(){
|
2019-11-30 02:05:37 +01:00
|
|
|
"use strict";
|
|
|
|
|
2019-05-25 12:35:09 +02:00
|
|
|
log("TEST:", "iframe after loading:", compare(test(iframe), reference));
|
2019-05-24 18:31:11 +02:00
|
|
|
});
|
2019-11-30 02:05:37 +01:00
|
|
|
document.write(
|
|
|
|
"<iframe></iframe>" +
|
|
|
|
"<script>log(\"TEST:\", \"iframe and script in document.write:\", compare(test(window[1]), reference));<\/script>"
|
|
|
|
);
|
2019-05-25 12:35:09 +02:00
|
|
|
log("TEST:", "iframe in document.write:", compare(test(window[1]), reference));
|
2019-05-24 18:31:11 +02:00
|
|
|
document.write("<iframe></iframe>");
|
2019-11-30 02:05:37 +01:00
|
|
|
document.write(
|
|
|
|
"<script>" +
|
|
|
|
"log(\"TEST:\", \"iframe and script in separate document.write:\", compare(test(window[2]), reference));" +
|
|
|
|
"<\/script>");
|
|
|
|
|
|
|
|
(
|
|
|
|
"<iframe></iframe>" +
|
|
|
|
"<script>" +
|
|
|
|
"log(\"TEST:\", \"iframe and script in fragmented document.write:\", compare(test(window[3]), reference));" +
|
|
|
|
"<\/script>"
|
|
|
|
).split(/(?=<)/).forEach(function(part){
|
|
|
|
"use strict";
|
|
|
|
|
2019-05-24 18:31:11 +02:00
|
|
|
document.write(part);
|
|
|
|
});
|
2019-11-30 02:05:37 +01:00
|
|
|
document.writeln(
|
|
|
|
"<iframe></iframe>" +
|
|
|
|
"<script>log(\"TEST:\", \"iframe and script in document.writeln:\", compare(test(window[4]), reference));<\/script>"
|
|
|
|
);
|
|
|
|
document.write(
|
|
|
|
"<script src=\"iframeTest.js\"><\/script>" +
|
|
|
|
"<iframe></iframe>" +
|
|
|
|
"<script>" +
|
|
|
|
"log(" +
|
|
|
|
"\"TEST:\", " +
|
|
|
|
"\"script with src, iframe and script in document.write:\", " +
|
|
|
|
"compare(test(window[5]), reference)" +
|
|
|
|
");" +
|
|
|
|
"<\/script>"
|
|
|
|
);
|
2019-05-29 14:22:52 +02:00
|
|
|
|
|
|
|
"<ifr|ame></ifr|ame>".split("|").forEach(function(part){
|
2019-11-30 02:05:37 +01:00
|
|
|
"use strict";
|
|
|
|
|
2019-05-29 14:22:52 +02:00
|
|
|
document.write(part);
|
|
|
|
});
|
|
|
|
document.write("<script>log(\"TEST:\", \"ifr|ame split:\", compare(test(window[6]), reference));<\/script>");
|
2020-06-19 00:07:14 +02:00
|
|
|
document.write("<iframe></iframe>" +
|
|
|
|
"<script>" +
|
|
|
|
"let parent = window[7];" +
|
|
|
|
"let loopDepth = 1;" +
|
|
|
|
"for (; loopDepth < 50; loopDepth+= 1){" +
|
|
|
|
"parent.document.write(\"<iframe></iframe>\");" +
|
|
|
|
"const newParent = parent[0];" +
|
|
|
|
"if (!newParent){" +
|
|
|
|
"break;" +
|
|
|
|
"}" +
|
|
|
|
"parent = newParent;" +
|
|
|
|
"}" +
|
|
|
|
"log(\"TEST:\", \"nested iFrame (depth = \" + loopDepth + \")\", compare(test(parent), reference));" +
|
|
|
|
"document.body.removeChild(document.querySelector(\"iframe:last-of-type\"))" +
|
|
|
|
"<\/script>");
|
2019-05-24 18:31:11 +02:00
|
|
|
window.addEventListener("load", function(){
|
2019-11-30 02:05:37 +01:00
|
|
|
"use strict";
|
|
|
|
|
2019-05-24 18:31:11 +02:00
|
|
|
// document.open();
|
2019-05-29 14:22:52 +02:00
|
|
|
"<ifr|ame></ifr|ame>".split("|").forEach(function(part){
|
|
|
|
document.write(part);
|
|
|
|
});
|
2019-11-30 02:05:37 +01:00
|
|
|
document.write(
|
|
|
|
"<script>" +
|
|
|
|
"log(\"TEST:\", \"reopened document: ifr|ame split:\", compare(test(window[0]), reference));" +
|
|
|
|
"<\/script>");
|
|
|
|
document.write(
|
|
|
|
"<script src=\"iframeTest.js\"><\/script>" +
|
|
|
|
"<iframe></iframe>" +
|
|
|
|
"<script>" +
|
|
|
|
"log(" +
|
|
|
|
"\"TEST:\", " +
|
|
|
|
"\"reopened document: script with src, iframe and script in document.write:\", " +
|
|
|
|
"compare(test(window[1]), reference, true)" +
|
|
|
|
");" +
|
|
|
|
"<\/script>"
|
|
|
|
);
|
2019-05-24 18:31:11 +02:00
|
|
|
// document.close();
|
2019-11-30 02:05:37 +01:00
|
|
|
|
2020-06-19 00:06:56 +02:00
|
|
|
window.setTimeout(function(){
|
|
|
|
document.body.innerHTML = "<iframe></iframe>";
|
|
|
|
log("TEST:", "innerHTML after 1000ms:", compare(test(window[0]), reference));
|
|
|
|
|
|
|
|
const iFrame = document.createElement("iframe");
|
|
|
|
document.body.appendChild(iFrame);
|
|
|
|
log("TEST:", "appendChild after 1000ms:", compare(test(window[1]), reference));
|
|
|
|
|
|
|
|
const iFrame2 = document.createElement("iframe");
|
|
|
|
iFrame.replaceWith(iFrame2);
|
|
|
|
log("TEST:", "replaceWith after 1000ms:", compare(test(window[1]), reference));
|
|
|
|
|
|
|
|
restoreContent();
|
|
|
|
}, 1000);
|
|
|
|
});
|
2019-05-24 18:31:11 +02:00
|
|
|
</script>
|
|
|
|
</body>
|
|
|
|
</html>
|