XMLHttpRequest/send-after-setting-document-domain.htm - external/w3c/web-platform-tests - Git at Google

 <!doctype html>
 <html>
  <head>
  <title>XMLHttpRequest: send() with document.domain set</title>
  <script src="/resources/testharness.js"></script>
  <script src="/resources/testharnessreport.js"></script>
  <link rel="help" href="http://dvcs.w3.org/hg/xhr/raw-file/tip/Overview.html#the-send()-method" data-tested-assertations="following::code[contains(text(),'*/*')]/.. following::code[contains(text(),'Accept')]/.. following::code[contains(text(),'Accept')]/../following::ul[1]/li[1]" />
  </head>
  <body>
  <div id="log"></div>
  <script>
  // first make sure we actually run off a domain with at least three parts, in order to be able to shorten it..
  if (location.hostname.split(/\./).length < 3) {
  location.href = location.protocol+'//www2.'+location.hostname+location.pathname
  };

  test(function() {
  document.domain = document.domain // this is not a noop, it does actually change the security context
  var client = new XMLHttpRequest()
  client.open("GET", "resources/status.php?content=hello", false)
  client.send(null)
  assert_equals(client.responseText, "hello")
  document.domain = document.domain.replace(/^\w+\./, '')
  client.open("GET", "resources/status.php?content=hello2", false)
  client.send(null)
  assert_equals(client.responseText, "hello2")
  }, "loading documents from original origin after setting document.domain")
  // try to load a document from the origin document.domain was set to
  test(function () {
  var client = new XMLHttpRequest()
  client.open("GET", location.protocol + '//' + document.domain + location.pathname.replace(/[^\/]*$/, '') + "resources/status.php?content=hello3", false)
  // AFAIK this should throw
  assert_throws('NetworkError', function(){client.send(null)})
  }, "loading documents from the origin document.domain was set to should throw")
  </script>
  </body>
 </html>
	<!doctype html>
	<html>
	<head>
	<title>XMLHttpRequest: send() with document.domain set</title>
	<script src="/resources/testharness.js"></script>
	<script src="/resources/testharnessreport.js"></script>
	<link rel="help" href="http://dvcs.w3.org/hg/xhr/raw-file/tip/Overview.html#the-send()-method" data-tested-assertations="following::code[contains(text(),'/')]/.. following::code[contains(text(),'Accept')]/.. following::code[contains(text(),'Accept')]/../following::ul[1]/li[1]" />
	</head>
	<body>
	<div id="log"></div>
	<script>
	// first make sure we actually run off a domain with at least three parts, in order to be able to shorten it..
	if (location.hostname.split(/\./).length < 3) {
	location.href = location.protocol+'//www2.'+location.hostname+location.pathname
	};

	test(function() {
	document.domain = document.domain // this is not a noop, it does actually change the security context
	var client = new XMLHttpRequest()
	client.open("GET", "resources/status.php?content=hello", false)
	client.send(null)
	assert_equals(client.responseText, "hello")
	document.domain = document.domain.replace(/^\w+\./, '')
	client.open("GET", "resources/status.php?content=hello2", false)
	client.send(null)
	assert_equals(client.responseText, "hello2")
	}, "loading documents from original origin after setting document.domain")
	// try to load a document from the origin document.domain was set to
	test(function () {
	var client = new XMLHttpRequest()
	client.open("GET", location.protocol + '//' + document.domain + location.pathname.replace(/[^\/]*$/, '') + "resources/status.php?content=hello3", false)
	// AFAIK this should throw
	assert_throws('NetworkError', function(){client.send(null)})
	}, "loading documents from the origin document.domain was set to should throw")
	</script>
	</body>
	</html>