Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(205)

Unified Diff: LayoutTests/http/tests/security/xssAuditor/resources/echo-intertag.pl

Issue 205243002: XSSAuditor bypass with script tag and expression following injection point (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: Incorporate dbates's suggestions. Created 6 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | LayoutTests/http/tests/security/xssAuditor/script-tag-expression-follows.html » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: LayoutTests/http/tests/security/xssAuditor/resources/echo-intertag.pl
diff --git a/LayoutTests/http/tests/security/xssAuditor/resources/echo-intertag.pl b/LayoutTests/http/tests/security/xssAuditor/resources/echo-intertag.pl
index 61b60373a15821de589286f1b5726b7f8defb6fc..8e3a5f01792953111e95fa98bd85ad5d178cd20e 100755
--- a/LayoutTests/http/tests/security/xssAuditor/resources/echo-intertag.pl
+++ b/LayoutTests/http/tests/security/xssAuditor/resources/echo-intertag.pl
@@ -92,7 +92,10 @@ if ($cgi->param('inHead')) {
if ($cgi->param('replaceState')) {
print "<script>history.replaceState({}, '', '#must-not-appear');</script>\n";
}
-print $cgi->param('q');
+print $cgi->param('q'); # XSS reflected here.
+if ($cgi->param('script-expression-follows')) {
+ print "\n <script>42;</script>\n";
+}
if ($cgi->param('clutter')) {
print $cgi->param('clutter');
}
« no previous file with comments | « no previous file | LayoutTests/http/tests/security/xssAuditor/script-tag-expression-follows.html » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698