ZeroHello/test/security.html at old · HelloZeroNet/ZeroHello

History

110 lines (95 loc) · 3.24 KB

Raw

100

101

102

103

104

105

106

107

108

109

110

<html>

<head>

</head>

<style>

* { font-family: monospace; color: black }

</style>

<body>

<h1>Security tests</h1>

<h2>Changing url using top.window.history.pushState</h2>

function changeUrl() {

top.window.history.pushState('1Name2NXVi1RDPDgf5617UoW7xA6YrhM9F', '1Name2NXVi1RDPDgf5617UoW7xA6YrhM9F', '/1Name2NXVi1RDPDgf5617UoW7xA6YrhM9F/index.html');

}

</script>

<h2>Load cross-site resource using ajax get</h2>

function loadXsAjax() {

$.ajax(

{"url": "/1Name2NXVi1RDPDgf5617UoW7xA6YrhM9F/content.json"}

).done(function(res) {

$("#loadXsAjax_output").text(res)

}).fail(function( jqXHR, res ) {

$("#loadXsAjax_output").text("Failed: "+res)

})

}

</script>

<div id='loadXsAjax_output'>Result</div>

<h2>Load cross-site wrapper using ajax get</h2>

function loadXsWrapperAjax() {

$.ajax(

{"url": "/1Name2NXVi1RDPDgf5617UoW7xA6YrhM9F"}

).done(function(res) {

$("#loadXsWrapperAjax_output").text(res)

}).fail(function( jqXHR, res ) {

$("#loadXsWrapperAjax_output").text("Failed: "+res)

})

}

</script>

<div id='loadXsWrapperAjax_output'>Result</div>

<h2>Load other site resource using iframe</h2>

function createXsIframe() {

$("#createXsIframe_result").html('<iframe src="/1Name2NXVi1RDPDgf5617UoW7xA6YrhM9F/content.json" id="iframe2"></iframe>')

}

</script>

<div id='createXsIframe_result'>Result</div>

<h2>Load other site wrapper using iframe</h2>

function createXsWrapperIframe() {

$("#createXsWrapperIframe_result").html('<iframe src="/1Name2NXVi1RDPDgf5617UoW7xA6YrhM9F" id="iframe2"></iframe>')

}

</script>

<a href="#" onclick="createXsWrapperIframe()">Test (Navigates away from site)</a>

<div id='createXsWrapperIframe_result'>Result</div>

<h2>Webworkers</h2>

function createWebworker() {

// via http://www.html5rocks.com/en/tutorials/workers/basics/#toc-inlineworkers

var blob = new Blob([

"onmessage = function(e) { postMessage('msg from worker'); }"]);

var blobURL = window.URL.createObjectURL(blob);

console.log(blobURL)

var worker = new Worker(blobURL);

worker.onmessage = function(e) {

document.getElementById('webworker_result').textContent = event.data;

};

worker.postMessage("hello");

}

</script>

<div id="webworker_result">Result</div>

<h2>Links</h2>

<ul>

<li><a href="security.html" id="link_to_current">Opening wrapper inner wrapper</a></li>

<li><a href="security.html" target="_top" id="link_to_top">Opening to _top</a></li>

<li><a href="security.html" target="_blank" id="link_to_blank">Opening to _blank</a></li>

<li><a href="#" onclick="window.top.location = window.location" id="inner_to_top">Opening current page to _top (should fail)</a></li>

<li><a href="../img/loading.gif" id="gif_to_current">Gif to current</a></li>

</ul>

</body>

</html>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

FilesExpand file tree

security.html

Latest commit

History

security.html

File metadata and controls