|
Last change
on this file since 256 was
256,
checked in by hendrikvanantwerpen, 13 years ago
|
|
Reworked project structure based on REST interaction and Dojo library. As
soon as this is stable, the old jQueryUI branch can be removed (it's
kept for reference).
|
|
File size:
918 bytes
|
| Line | |
|---|
| 1 | <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> |
|---|
| 2 | <html> |
|---|
| 3 | <head> |
|---|
| 4 | <title>Attacker Frame Test</title> |
|---|
| 5 | <script type="text/javascript"> |
|---|
| 6 | var switchedLocation; |
|---|
| 7 | var intervalId = setInterval(function(){ |
|---|
| 8 | try{ |
|---|
| 9 | if(!switchedLocation){ |
|---|
| 10 | parent.frames[1].name='malicious data'; |
|---|
| 11 | alert("changing to "+ (parent.frames[1][0][0].location = "http://127.0.0.1/dojox/io/tests/")); |
|---|
| 12 | switchedLocation = true; |
|---|
| 13 | } |
|---|
| 14 | alert("snooping for "+ parent.frames[1].name); |
|---|
| 15 | clearInterval(intervalId); |
|---|
| 16 | } |
|---|
| 17 | catch(e){} |
|---|
| 18 | },10); |
|---|
| 19 | function check(){ |
|---|
| 20 | if(switchedLocation){ |
|---|
| 21 | alert("other " + parent.frames[1][0][0].name); |
|---|
| 22 | } |
|---|
| 23 | alert("trying to delete"+parent['protectedFrame']); |
|---|
| 24 | (parent.frames[1].location = "http://127.0.0.1/dojox/io/tests/"); |
|---|
| 25 | switchedLocation = true; |
|---|
| 26 | alert("changed "); |
|---|
| 27 | |
|---|
| 28 | } |
|---|
| 29 | </script> |
|---|
| 30 | </head> |
|---|
| 31 | <body class="tundra"> |
|---|
| 32 | <div onclick="check()">fire</div> |
|---|
| 33 | </body> |
|---|
| 34 | </html> |
|---|
Note: See
TracBrowser
for help on using the repository browser.
