Index: third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/script-tag-with-actual-comma-expected.txt |
diff --git a/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/script-tag-with-actual-comma-expected.txt b/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/script-tag-with-actual-comma-expected.txt |
index 6093562196ff171bc19652913dd30a7d54454f62..ef34634255bdea274969ab6fbc27ea0e3459f43c 100644 |
--- a/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/script-tag-with-actual-comma-expected.txt |
+++ b/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/script-tag-with-actual-comma-expected.txt |
@@ -1,3 +1,3 @@ |
-CONSOLE ERROR: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Cscript%3E/**/0,0/*,*/-alert(0)%3C/script%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header. |
+CONSOLE ERROR: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Cscript%3E/**/0,0/*,*/-alert(0)%3C/script%3E' because its source code was found within the request. The auditor was enabled as the server did not send an 'X-XSS-Protection' header. |
Test that the XSSAuditor's tolerance for the IIS webserver's comma concatenation doesn't open holes when the reflected argument contains an actual comma. The test passes if the XSSAuditor logs console messages and no alerts fire. |