| Index: LayoutTests/http/tests/security/xssAuditor/form-action-token-fragment.html
|
| diff --git a/LayoutTests/http/tests/security/xssAuditor/form-action-token-fragment.html b/LayoutTests/http/tests/security/xssAuditor/form-action-token-fragment.html
|
| new file mode 100644
|
| index 0000000000000000000000000000000000000000..4521aac2d6b11b02b95703dc49dbb0c4a7a493f2
|
| --- /dev/null
|
| +++ b/LayoutTests/http/tests/security/xssAuditor/form-action-token-fragment.html
|
| @@ -0,0 +1,29 @@
|
| +<!DOCTYPE html>
|
| +<html>
|
| +<head>
|
| +<script>
|
| +if (window.testRunner) {
|
| + testRunner.dumpAsText();
|
| + testRunner.dumpChildFramesAsText();
|
| + testRunner.waitUntilDone();
|
| + testRunner.setXSSAuditorEnabled(true);
|
| +}
|
| +function done()
|
| +{
|
| + if (window.testRunner)
|
| + testRunner.notifyDone();
|
| +}
|
| +</script>
|
| +</head>
|
| +<body>
|
| +This test shows that the XSSAuditor can not be induced to fire against a leading
|
| +substring of an otherwise unknown attribute.
|
| +<iframe id="myframe"></iframe>
|
| +<script>
|
| +var pad = '11111111111111111111111111111111111111111111111111111';
|
| +var guess = 'action%3d%22http://localhost:8000/foo%3fpad%3d' + pad + '%26tok%3d1234'
|
| +var src = 'resources/echo-form-action.pl?add-token=1&q=http://localhost:8000/foo%3fpad%3d' + pad + '&guess=' + guess;
|
| +document.getElementById('myframe').src = src;
|
| +</script>
|
| +</body>
|
| +</html>
|
|
|
Chromium Code Reviews
Issue 1190433008:
Prevent linear-time forcing of tokens by inducing XSSAuditor page blocks. (Closed)
Base URL: svn://svn.chromium.org/blink/branches/chromium/2403