Index: LayoutTests/http/tests/security/xssAuditor/form-action-token-fragment.html |
diff --git a/LayoutTests/http/tests/security/xssAuditor/form-action-token-fragment.html b/LayoutTests/http/tests/security/xssAuditor/form-action-token-fragment.html |
new file mode 100644 |
index 0000000000000000000000000000000000000000..4521aac2d6b11b02b95703dc49dbb0c4a7a493f2 |
--- /dev/null |
+++ b/LayoutTests/http/tests/security/xssAuditor/form-action-token-fragment.html |
@@ -0,0 +1,29 @@ |
+<!DOCTYPE html> |
+<html> |
+<head> |
+<script> |
+if (window.testRunner) { |
+ testRunner.dumpAsText(); |
+ testRunner.dumpChildFramesAsText(); |
+ testRunner.waitUntilDone(); |
+ testRunner.setXSSAuditorEnabled(true); |
+} |
+function done() |
+{ |
+ if (window.testRunner) |
+ testRunner.notifyDone(); |
+} |
+</script> |
+</head> |
+<body> |
+This test shows that the XSSAuditor can not be induced to fire against a leading |
+substring of an otherwise unknown attribute. |
+<iframe id="myframe"></iframe> |
+<script> |
+var pad = '11111111111111111111111111111111111111111111111111111'; |
+var guess = 'action%3d%22http://localhost:8000/foo%3fpad%3d' + pad + '%26tok%3d1234' |
+var src = 'resources/echo-form-action.pl?add-token=1&q=http://localhost:8000/foo%3fpad%3d' + pad + '&guess=' + guess; |
+document.getElementById('myframe').src = src; |
+</script> |
+</body> |
+</html> |
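Review bot: The `var guess = …` declaration in the body script is missing its terminating semicolon, unlike the `pad` and `src` declarations around it; `var guess = 'action%3d%22http://localhost:8000/foo%3fpad%3d' + pad + '%26tok%3d1234';` keeps the three lines consistent. The description paragraph states the expectation but not why it matters, so a maintainer could later weaken the check without noticing; consider extending it to `This test shows that the XSSAuditor can not be induced to fire against a leading substring of an otherwise unknown attribute, so the auditor cannot be used to confirm a guessed prefix of a token embedded in a form action.` `done()` is defined but never called on the new side, so `notifyDone()` presumably comes from the page loaded into the iframe (`resources/echo-form-action.pl`, outside this diff); a one-line comment above the function such as `// Called by resources/echo-form-action.pl once the frame has loaded.` would make that dependency visible, and the test would otherwise time out if that callback were ever dropped.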