2010-01-04 23:00:29 -08:00
|
|
|
<html>
|
|
|
|
<script>
|
2012-03-08 12:55:57 -08:00
|
|
|
function check(elt, expectAccess, prop) {
|
|
|
|
var access = false;
|
|
|
|
try {
|
|
|
|
elt[prop];
|
|
|
|
access = true;
|
|
|
|
}
|
|
|
|
catch (e) {}
|
|
|
|
return access === expectAccess;
|
|
|
|
}
|
2010-01-04 23:00:29 -08:00
|
|
|
|
2012-03-08 12:55:57 -08:00
|
|
|
function sendMessage(success, sameOrigin, prop) {
|
|
|
|
var result = success ? 'PASS' : 'FAIL';
|
|
|
|
var message;
|
|
|
|
if (sameOrigin)
|
|
|
|
message = 'Can access |' + prop + '| if same origin';
|
|
|
|
else
|
|
|
|
message = 'Cannot access |' + prop + '| if not same origin';
|
2010-01-04 23:00:29 -08:00
|
|
|
parent.postMessage(result + ',' + message, '*');
|
|
|
|
}
|
|
|
|
|
2012-03-08 12:55:57 -08:00
|
|
|
var sameOrigin = location.host !== 'example.org';
|
|
|
|
var pass = check(frameElement, sameOrigin, 'src');
|
|
|
|
if (!pass) {
|
|
|
|
sendMessage(false, sameOrigin, 'src');
|
|
|
|
} else {
|
|
|
|
pass = check(parent.location, sameOrigin, 'href');
|
|
|
|
sendMessage(pass, sameOrigin, 'href');
|
2010-01-04 23:00:29 -08:00
|
|
|
}
|
|
|
|
</script>
|
|
|
|
</html>
|