OLD | NEW |
| (Empty) |
1 <!DOCTYPE html> | |
2 <html> | |
3 <head> | |
4 <script src="http://localhost:8000/security/xssAuditor/resources/utilities.j
s"></script> | |
5 <script> | |
6 if (window.testRunner) { | |
7 testRunner.dumpAsText(); | |
8 testRunner.dumpChildFramesAsText(); | |
9 testRunner.waitUntilDone(); | |
10 testRunner.setXSSAuditorEnabled(true); | |
11 } | |
12 </script> | |
13 </head> | |
14 <body> | |
15 <p>Tests that 'Content-Security-Policy: reflected-xss block;' enables the XS
SAuditor. | |
16 This test passes if a console message is generated, and the page is blocked. | |
17 There should be no content in the IFrame below:</p> | |
18 <iframe id="frame" name="frame" | |
19 onload="checkIfFrameLocationMatchesSrcAndCallDone('frame')" | |
20 src="http://localhost:8000/security/xssAuditor/resources/echo-intert
ag.pl?csp=block&q=<script>alert(String.fromCharCode(0x58,0x53,0x53))</script
>"></iframe> | |
21 </body> | |
22 </html> | |
OLD | NEW |