LayoutTests/http/tests/security/xssAuditor/script-tag-with-comma-01-expected.txt - Issue 24255018: Side three of two-sided patch for URL encoding. Restores tests expectations.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: LayoutTests/http/tests/security/xssAuditor/script-tag-with-comma-01-expected.txt

Issue 24255018: Side three of two-sided patch for URL encoding. Restores tests expectations. (Closed) Base URL: svn://svn.chromium.org/blink/trunk

Patch Set: Missing two platform origin-exact-matching-expected.txt files Created 7 years, 3 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« no previous file with comments | « LayoutTests/http/tests/security/xssAuditor/script-tag-with-16bit-unicode5-expected.txt ('k') | LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-control-char-expected.txt » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: LayoutTests/http/tests/security/xssAuditor/script-tag-with-comma-01-expected.txt

diff --git a/LayoutTests/http/tests/security/xssAuditor/script-tag-with-comma-01-expected.txt b/LayoutTests/http/tests/security/xssAuditor/script-tag-with-comma-01-expected.txt

index 2df0571f61241f697f2f8d4f2607fcdd1827e713..34c3f78757249f8ea6e1eab66d3a2a067d1c5909 100644

--- a/LayoutTests/http/tests/security/xssAuditor/script-tag-with-comma-01-expected.txt

+++ b/LayoutTests/http/tests/security/xssAuditor/script-tag-with-comma-01-expected.txt

@@ -1,3 +1,3 @@

-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?clutter=,&q=%3Cscript%20x='1&%3E&q2=1'%3Ealert(String.fromCharCode(0x58,0x53,0x53,0x31))%3C/script%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.

+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?clutter=,&q=%3Cscript%20x=%271&%3E&q2=1%27%3Ealert(String.fromCharCode(0x58,0x53,0x53,0x31))%3C/script%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.

Test that the XSSAuditor catches the specific case where the IIS webserver resovles multiply occuring query parameters by concatenating them before passing the result to the application. Conceptually, its as if ?a=1&a=2 becomes ?a=1,2. The test passes if the XSSAuditor logs console messages and no alerts fire.