Index: third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/script-tag-with-comma-01-expected.txt |
diff --git a/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/script-tag-with-comma-01-expected.txt b/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/script-tag-with-comma-01-expected.txt |
index 433c5239ca09419124386f88488b678ce4f24757..bcf72d16a20f3d245dd405523cb2e8d37dc222a3 100644 |
--- a/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/script-tag-with-comma-01-expected.txt |
+++ b/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/script-tag-with-comma-01-expected.txt |
@@ -1,3 +1,3 @@ |
-CONSOLE ERROR: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?clutter=,&q=%3Cscript%20x=%271&%3E&q2=1%27%3Ealert(String.fromCharCode(0x58,0x53,0x53,0x31))%3C/script%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header. |
+CONSOLE ERROR: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?clutter=,&q=%3Cscript%20x=%271&%3E&q2=1%27%3Ealert(String.fromCharCode(0x58,0x53,0x53,0x31))%3C/script%3E' because its source code was found within the request. The auditor was enabled as the server did not send an 'X-XSS-Protection' header. |
Test that the XSSAuditor catches the specific case where the IIS webserver resovles multiply occuring query parameters by concatenating them before passing the result to the application. Conceptually, its as if ?a=1&a=2 becomes ?a=1,2. The test passes if the XSSAuditor logs console messages and no alerts fire. |