OLD | NEW |
1 <?php | 1 <?php |
2 header("X-XSS-Protection: 1; mode=block"); | 2 header("X-XSS-Protection: 1; mode=block"); |
3 ?> | 3 ?> |
4 <!DOCTYPE html> | 4 <!DOCTYPE html> |
5 <html> | 5 <html> |
6 <head> | 6 <head> |
7 <script src="http://127.0.0.1:8000/security/xssAuditor/resources/utilities.js"><
/script> | 7 <script src="http://127.0.0.1:8000/security/xssAuditor/resources/utilities.js"><
/script> |
8 <script> | 8 <script> |
9 if (window.testRunner) { | 9 if (window.testRunner) { |
10 testRunner.dumpAsText(); | 10 testRunner.dumpAsText(); |
11 testRunner.dumpChildFramesAsText(); | 11 testRunner.dumpChildFramesAsText(); |
12 testRunner.waitUntilDone(); | 12 testRunner.waitUntilDone(); |
13 testRunner.setXSSAuditorEnabled(true); | 13 testRunner.setXSSAuditorEnabled(true); |
14 } | 14 } |
15 </script> | 15 </script> |
16 </head> | 16 </head> |
17 <body> | 17 <body> |
18 <p>This tests that the header X-XSS-Protection is not inherited by the iframe be
low:</p> | 18 <p>This tests that the header X-XSS-Protection is not inherited by the iframe be
low:</p> |
19 <iframe id="frame" onload="checkIfFrameLocationMatchesSrcAndCallDone('frame')" s
rc="http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?q=<scri
pt>alert(/XSS/)</script><p>If you see this message and no JavaScript alert() the
n the test PASSED.</p>"> | 19 <iframe id="frame" name="frame" onload="checkIfFrameLocationMatchesSrcAndCallDon
e('frame')" src="http://127.0.0.1:8000/security/xssAuditor/resources/echo-intert
ag.pl?q=<script>alert(/XSS/)</script><p>If you see this message and no JavaScrip
t alert() then the test PASSED.</p>"> |
20 </iframe> | 20 </iframe> |
21 </body> | 21 </body> |
22 </html> | 22 </html> |
OLD | NEW |