| 1 CONSOLE ERROR: line 5: The XSS Auditor refused to execute a script in 'http://lo
calhost:8000/security/xssAuditor/resources/echo-intertag.pl?clutter=,&q=%3cimg%2
0src=x%20onerror=%22[]&q2=alert(1)%22%3c' because its source code was found with
in the request. The auditor was enabled as the server sent neither an 'X-XSS-Pro
tection' nor 'Content-Security-Policy' header. | 1 CONSOLE ERROR: line 5: The XSS Auditor refused to execute a script in 'http://lo
calhost:8000/security/xssAuditor/resources/echo-intertag.pl?clutter=,&q=%3cimg%2
0src=x%20onerror=%22[]&q2=alert(1)%22%3c' because its source code was found with
in the request. The auditor was enabled as the server did not send an 'X-XSS-Pro
tection' header. |
| 3 Test that the XSSAuditor catches the specific case where the IIS webserver resov
les multiply occuring query parameters by concatenating them before passing the
result to the application. Conceptually, its as if ?a=1&a=2 becomes ?a=1,2. The
test passes if the XSSAuditor logs console messages and no alerts fire. | 3 Test that the XSSAuditor catches the specific case where the IIS webserver resov
les multiply occuring query parameters by concatenating them before passing the
result to the application. Conceptually, its as if ?a=1&a=2 becomes ?a=1,2. The
test passes if the XSSAuditor logs console messages and no alerts fire. |
Chromium Code Reviews
Issue 2428473004:
Remove the 'reflected-xss' directive from CSP. (Closed)
