Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(622)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-1-expected.txt

Issue 2524013002: XSS Auditor: Block by default. (Closed)
Patch Set: Created 4 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/anchor-url-dom-write-location-expected.txt ('K') | « third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/malformed-HTML-expected.txt ('k') | third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-2-expected.txt » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 CONSOLE ERROR: Error parsing header X-XSS-Protection: 12345678901234567: expecte d semicolon at character position 2. The default protections will be applied. 1 CONSOLE ERROR: Error parsing header X-XSS-Protection: 12345678901234567: expecte d semicolon at character position 2. The default protections will be applied.
2 CONSOLE ERROR: line 4: The XSS Auditor refused to execute a script in 'http://12 7.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?notifyDone=1&malform ed-header=1&q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3 E%3Cp%3EIf%20you%20see%20this%20message%20and%20no%20JavaScript%20alert()%20then %20the%20test%20PASSED.%3C/p%3E' because its source code was found within the re quest. The auditor was enabled as the server did not send an 'X-XSS-Protection' header. 2 CONSOLE ERROR: line 4: The XSS Auditor blocked access to 'http://127.0.0.1:8000/ security/xssAuditor/resources/echo-intertag.pl?notifyDone=1&malformed-header=1&q =%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E%3Cp%3EIf%20 you%20see%20this%20message%20and%20no%20JavaScript%20alert()%20then%20the%20test %20PASSED.%3C/p%3E' because the source code of a script was found within the req uest. The auditor was enabled as the server did not send an 'X-XSS-Protection' h eader.
3 ALERT: URL mismatch: '[Location object access threw exception]' vs. 'http://127. 0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?notifyDone=1&malformed -header=1&q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E% 3Cp%3EIf%20you%20see%20this%20message%20and%20no%20JavaScript%20alert()%20then%2 0the%20test%20PASSED.%3C/p%3E'
Mike West 2016/11/23 15:35:42 Because we're now blocking, these tests fail to re
3 This tests that a malformed X-XSS-Protection header is not ignored when the leng th of its value exceeds 16 characters, and that an error is reported. 4 This tests that a malformed X-XSS-Protection header is not ignored when the leng th of its value exceeds 16 characters, and that an error is reported.
4 5
5 6
6 7
7 -------- 8 --------
8 Frame: 'frame' 9 Frame: 'frame'
9 -------- 10 --------
10 If you see this message and no JavaScript alert() then the test PASSED.
11 11
12 Page rendered here.
OLDNEW
« third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/anchor-url-dom-write-location-expected.txt ('K') | « third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/malformed-HTML-expected.txt ('k') | third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-2-expected.txt » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698