OLD | NEW |
1 <!DOCTYPE html> | 1 <!DOCTYPE html> |
2 <html> | 2 <html> |
3 <head> | 3 <head> |
4 <script src="http://localhost:8000/security/xssAuditor/resources/utilities.js"><
/script> | 4 <script src="http://localhost:8000/security/xssAuditor/resources/utilities.js"><
/script> |
5 <script> | 5 <script> |
6 if (window.testRunner) { | 6 if (window.testRunner) { |
7 testRunner.dumpAsText(); | 7 testRunner.dumpAsText(); |
8 testRunner.dumpChildFramesAsText(); | 8 testRunner.dumpChildFramesAsText(); |
9 testRunner.waitUntilDone(); | 9 testRunner.waitUntilDone(); |
10 testRunner.setXSSAuditorEnabled(true); | 10 testRunner.setXSSAuditorEnabled(true); |
11 } | 11 } |
12 </script> | 12 </script> |
13 </head> | 13 </head> |
14 <body> | 14 <body> |
15 <p>This tests that the X-XSS-Protection header is not ignored when there is a tr
ailing semicolon following mode=blank. | 15 <p>This tests that the X-XSS-Protection header is not ignored when there is a tr
ailing semicolon following mode=blank. |
16 Although theoretically malformed, we tolerate this case without issuing an error
. </p> | 16 Although theoretically malformed, we tolerate this case without issuing an error
. </p> |
17 <iframe id="frame" onload="checkIfFrameLocationMatchesSrcAndCallDone('frame')" s
rc="http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?notifyD
one=1&valid-header=3&q=<script>alert(String.fromCharCode(0x58,0x53,0x53))</scrip
t><p>If you see this message and no JavaScript alert() then the test PASSED.</p>
"> | 17 <iframe id="frame" name="frame" onload="checkIfFrameLocationMatchesSrcAndCallDon
e('frame')" src="http://127.0.0.1:8000/security/xssAuditor/resources/echo-intert
ag.pl?notifyDone=1&valid-header=3&q=<script>alert(String.fromCharCode(0x58,0x53,
0x53))</script><p>If you see this message and no JavaScript alert() then the tes
t PASSED.</p>"> |
18 </iframe> | 18 </iframe> |
19 </body> | 19 </body> |
20 </html> | 20 </html> |
OLD | NEW |