OLD | NEW |
1 <!DOCTYPE html> | 1 <!DOCTYPE html> |
2 <html> | 2 <html> |
3 <head> | 3 <head> |
4 <script src="http://localhost:8000/security/xssAuditor/resources/utilities.js"><
/script> | 4 <script src="http://localhost:8000/security/xssAuditor/resources/utilities.js"><
/script> |
5 <script> | 5 <script> |
6 if (window.testRunner) { | 6 if (window.testRunner) { |
7 testRunner.dumpAsText(); | 7 testRunner.dumpAsText(); |
8 testRunner.dumpChildFramesAsText(); | 8 testRunner.dumpChildFramesAsText(); |
9 testRunner.waitUntilDone(); | 9 testRunner.waitUntilDone(); |
10 testRunner.setXSSAuditorEnabled(true); | 10 testRunner.setXSSAuditorEnabled(true); |
11 } | 11 } |
12 </script> | 12 </script> |
13 </head> | 13 </head> |
14 <body> | 14 <body> |
15 <p>This tests that the X-XSS-Protection header is not ignored when there is a tr
ailing garbage after mode=block, and we issue an error</p> | 15 <p>This tests that the X-XSS-Protection header is not ignored when there is a tr
ailing garbage after mode=block, and we issue an error</p> |
16 <iframe id="frame" onload="checkIfFrameLocationMatchesSrcAndCallDone('frame')" s
rc="http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?notifyD
one=1&malformed-header=4&q=<script>alert(String.fromCharCode(0x58,0x53,0x53))</s
cript><p>If you see this message and no JavaScript alert() then the test PASSED.
</p>"> | 16 <iframe id="frame" name="frame" onload="checkIfFrameLocationMatchesSrcAndCallDon
e('frame')" src="http://127.0.0.1:8000/security/xssAuditor/resources/echo-intert
ag.pl?notifyDone=1&malformed-header=4&q=<script>alert(String.fromCharCode(0x58,0
x53,0x53))</script><p>If you see this message and no JavaScript alert() then the
test PASSED.</p>"> |
17 </iframe> | 17 </iframe> |
18 </body> | 18 </body> |
19 </html> | 19 </html> |
OLD | NEW |