test_unsecureIframe2.html - This HTML code creates a simple…

/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframe2.html

http://github.com/zpao/v8monkey · HTML · 33 lines · 28 code · 5 blank · 0 comment · 0 complexity · e2472e0ff7478c43ad35155c7f78cae9 MD5 · raw file


<!DOCTYPE HTML>
<html>
<head>
  <title>Unsecure iframe load</title>
  <script type="text/javascript" src="/MochiKit/Base.js"></script>
  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
  <script type="text/javascript" src="/MochiKit/Style.js"></script>
  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
  <script type="text/javascript" src="mixedContentTest.js"></script>
  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />

  <script class="testbody" type="text/javascript">

  function runTest()
  {
    isSecurityState("broken", "insecure <iframe> load breaks security");
    finish();
  }

  function afterNavigationTest()
  {
    isSecurityState("broken", "security still broken after navigation");
    finish();
  }

  </script>
</head>

<body>
  <iframe src="https://example.com/tests/security/ssl/mixedcontent/iframe2.html"></iframe>
</body>
</html>

Summary ✨

This HTML code creates a simple web page that loads an iframe from a secure website, testing for mixed content security vulnerabilities. The script checks the security state of the page after loading the iframe and navigation, verifying if the security is broken due to the insecure load. It uses various MochiKit libraries for testing purposes.

Alerts (2)

'<iframe' Iframe detected; ensure sandbox attribute or CSP is used to mitigate security risks
17 31