OLD | NEW |
(Empty) | |
| 1 <!DOCTYPE html> |
| 2 <html> |
| 3 <head> |
| 4 <script> |
| 5 if (window.testRunner) { |
| 6 testRunner.dumpAsText(); |
| 7 testRunner.dumpChildFramesAsText(); |
| 8 testRunner.waitUntilDone(); |
| 9 testRunner.setXSSAuditorEnabled(true); |
| 10 } |
| 11 function done() |
| 12 { |
| 13 if (window.testRunner) |
| 14 testRunner.notifyDone(); |
| 15 } |
| 16 </script> |
| 17 </head> |
| 18 <body> |
| 19 This test shows that the XSSAuditor can not be induced to fire against a leading |
| 20 substring of an otherwise unknown attribute. |
| 21 <iframe id="myframe"></iframe> |
| 22 <script> |
| 23 var pad = '11111111111111111111111111111111111111111111111111111'; |
| 24 var guess = 'action%3d%22http://localhost:8000/foo%3fpad%3d' + pad + '%26tok%3d1
234' |
| 25 var src = 'resources/echo-form-action.pl?add-token=1&q=http://localhost:8000/foo
%3fpad%3d' + pad + '&guess=' + guess; |
| 26 document.getElementById('myframe').src = src; |
| 27 </script> |
| 28 </body> |
| 29 </html> |
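Review bot: Nothing on this page calls `done()`, so after `testRunner.waitUntilDone()` on new line 8 the test can only finish if the document served by `resources/echo-form-action.pl` calls back into the parent. That script is not shown here, so if the frame fails to load, the run presumably ends as a harness timeout rather than a clear failure. A comment above `function done()` such as `// Invoked by the frame loaded into #myframe to end the test.` would make that contract visible, once the author confirms it. New lines 23-25 would also benefit from a comment saying why `pad` has this exact length and that `tok%3d1234` is the guessed leading part of the token added by `add-token=1`, since those literals appear to be what makes this a leading-substring regression test. New line 24 ends without a semicolon and relies on ASI; terminate it as `... + '%26tok%3d1234';`.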