/
demo.html
85 lines (71 loc) · 3.75 KB
/
demo.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
<!doctype html>
<head>
<meta charset="utf-8" />
<title>pmxdr demo</title>
<script type="text/javascript" src="client/latest/pmxdr.min.js"></script>
</head>
<body>
<h1>pmxdr demo</h1>
<em id="testing">Automated tests in progress...</em>
<h2>Results:</h2>
<strong>All tests are being requested from the remote domain, eligrey.com. code.eligrey.com does not usually have access to eligrey.com through XMLHttpRequests</strong>
<div id="results"></div>
<script type="text/javascript">
//<![CDATA[
var pmxdrInterface = new pmxdr("http://eligrey.com");
function doPmxdrTests() {
var results = document.getElementById("results");
results.innerHTML = ""; // clear results case there is anything in it
pmxdrInterface.onload = function() {
var tests = [
["Requesting malicous JSON data using GET", "{uri:\"/pmxdr/example.php?x=1\"}", false],
["Requesting malicous JSON data using POST", "{method:\"post\", uri:\"/pmxdr/example.php\", data:\"x=1\", contentType:\"application/x-www-form-urlencoded\"}", false],
["Requesting a resource That code.eligrey.com is not explicitly allowed to access\nThis should cause a DISALLOWED_ORIGIN security error.", "{uri:\"/\"}", true],
["Requesting a non-existant resource that gives a 404 error.\nThis should cause a LOAD_ERROR.", "{uri:\"/nonexistant-page-blarg\"}", true],
["Requesting a resource that only allows POST requests using a GET request.\nThe page sends this header: Access-Control-Allow-Methods: POST\nThis should cause a DISALLOWED_REQUEST_METHOD", "{uri:\"/pmxdr/example2.php\"}", true],
["Requesting a resource that only allows POST requests using a POST request.", "{method: \"post\", uri:\"/pmxdr/example2.php\", data:\"some data to send\", contentType:\"application/x-www-form-urlencoded\"}", false],
["Requesting a non-existant resource with a 5ms timeout.\nThis should cause a TIMEOUT error (Opera versions under 10 give a LOAD_ERROR instead due to an Opera bug)", "{uri:\"/nonexistant-page-blarg2\", timeout:5}", true]
], testsCompleted = 0;
function pmxdrTest(desc, req, errorIsGood) {
var code = desc+"\n> pmxdr.request("+req+")\n\n",
codeContainer = document.createElement("pre");
var request = eval("("+req+")");
request.callback = function(response) {
if ( !response.error ) {
code += "(PASS) Request Success"
code += "\nContent-Type == "+JSON.stringify(response.headers["content-type"]);
code += "\nAccess-Control-Allow-Origin == "+JSON.stringify(response.headers["access-control-allow-origin"]);
code += "\nAccess-Control-Allow-Methods == "+JSON.stringify(response.headers["access-control-allow-methods"]);
code += "\n\ndata:\n"+response.data;
} else code += (errorIsGood? "(PASS) " : "(FAIL) ")+"Error: "+response.error;
codeContainer.appendChild(document.createTextNode(code));
results.appendChild(codeContainer);
results.appendChild(document.createElement("hr"));
testsCompleted++;
if (testsCompleted >= tests.length) finishTesting();
}
pmxdrInterface.request(request);
}
for (var i=0; i<tests.length; i++)
pmxdrTest.apply(this, tests[i]);
function finishTesting() {
document.getElementById("testing").innerHTML = "Automated tests finished. [<a href=\"#\" onclick=\"doPmxdrTests();return false;\">restart tests</a>]";
pmxdrInterface.unload();
delete pmxdrInterface;
//pmxdr.destruct();
}
}
pmxdrInterface.init();
}
doPmxdrTests();
//]]>
</script>
<script type="text/javascript" src ="http://www.google-analytics.com/ga.js"></script>
<script type="text/javascript">
try {
var pageTracker = _gat._getTracker("UA-4364432-7");
pageTracker._trackPageview();
} catch(err) {}
</script>
</body>
</html>