Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(92)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: LayoutTests/http/tests/security/xssAuditor/script-tag-expression-follows.html

Issue 205243002: XSSAuditor bypass with script tag and expression following injection point (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: Incorporate dbates's suggestions. Created 6 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « LayoutTests/http/tests/security/xssAuditor/resources/echo-intertag.pl ('k') | LayoutTests/http/tests/security/xssAuditor/script-tag-expression-follows-expected.txt » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: LayoutTests/http/tests/security/xssAuditor/script-tag-expression-follows.html
diff --git a/LayoutTests/http/tests/security/xssAuditor/iframe-injection.html b/LayoutTests/http/tests/security/xssAuditor/script-tag-expression-follows.html
similarity index 77%
copy from LayoutTests/http/tests/security/xssAuditor/iframe-injection.html
copy to LayoutTests/http/tests/security/xssAuditor/script-tag-expression-follows.html
index add4e1343475caed16875c49fc37acd3f0a83452..4885718ca73e05a0fab57ff5a2d6a35a9ed267fa 100644
--- a/LayoutTests/http/tests/security/xssAuditor/iframe-injection.html
+++ b/LayoutTests/http/tests/security/xssAuditor/script-tag-expression-follows.html
@@ -9,7 +9,7 @@ if (window.testRunner) {
</script>
</head>
<body>
-<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<iframe%20src='http://127.0.0.1:8000/'></iframe>">
+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?script-expression-follows=1&q=<script>alert('XSS')">
</iframe>
</body>
</html>
« no previous file with comments | « LayoutTests/http/tests/security/xssAuditor/resources/echo-intertag.pl ('k') | LayoutTests/http/tests/security/xssAuditor/script-tag-expression-follows-expected.txt » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698