Side by Side Diff: third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/resources/echo-intertag.pl

Issue 2524013002: XSS Auditor: Block by default. (Closed)
Patch Set: Rebase+Test Created 4 years ago
1 #!/usr/bin/perl -wT 1 #!/usr/bin/perl -wT
2 use strict; 2 use strict;
3 use CGI; 3 use CGI;
4 4
5 my $cgi = new CGI; 5 my $cgi = new CGI;
6 6
7 # Passing semicolons through the url to this script is problematic. The raw 7 # Passing semicolons through the url to this script is problematic. The raw
8 # form truncates the input and the %-encoded form isn't being decoded. Hence 8 # form truncates the input and the %-encoded form isn't being decoded. Hence
9 # this set of hard-coded headers. 9 # this set of hard-coded headers.
10 if ($cgi->param('disable-protection')) { 10 if ($cgi->param('disable-protection')) {
11 print "X-XSS-Protection: 0\n"; 11 print "X-XSS-Protection: 0\n";
12 } 12 } elsif ($cgi->param('enable-full-block')) {
13 if ($cgi->param('enable-full-block')) {
14 print "X-XSS-Protection: 1; mode=block\n"; 13 print "X-XSS-Protection: 1; mode=block\n";
15 } 14 } elsif ($cgi->param('enable-report')) {
16 if ($cgi->param('enable-report')) {
17 print "X-XSS-Protection: 1; report=/security/contentSecurityPolicy/resources /save-report.php?test=" . $cgi->param('test') . "\n"; 15 print "X-XSS-Protection: 1; report=/security/contentSecurityPolicy/resources /save-report.php?test=" . $cgi->param('test') . "\n";
18 } 16 } elsif ($cgi->param('enable-full-block-report')) {
19 if ($cgi->param('enable-full-block-report')) {
20 print "X-XSS-Protection: 1; mode=block; report=/security/contentSecurityPoli cy/resources/save-report.php?test=" . $cgi->param('test') . "\n"; 17 print "X-XSS-Protection: 1; mode=block; report=/security/contentSecurityPoli cy/resources/save-report.php?test=" . $cgi->param('test') . "\n";
21 } 18 } elsif ($cgi->param('valid-header')) {
22
23 if ($cgi->param('valid-header')) {
24 if ($cgi->param('valid-header') == 1) { 19 if ($cgi->param('valid-header') == 1) {
25 print "X-XSS-Protection: 1 ;MoDe = bLocK \n"; 20 print "X-XSS-Protection: 1 ;MoDe = bLocK \n";
26 } 21 }
27 if ($cgi->param('valid-header') == 2) { 22 if ($cgi->param('valid-header') == 2) {
28 print "X-XSS-Protection: 1; \n"; 23 print "X-XSS-Protection: 1; \n";
29 } 24 }
30 if ($cgi->param('valid-header') == 3) { 25 if ($cgi->param('valid-header') == 3) {
31 print "X-XSS-Protection: 1; mode=block; \n"; 26 print "X-XSS-Protection: 1; mode=block; \n";
32 } 27 }
33 if ($cgi->param('valid-header') == 4) { 28 if ($cgi->param('valid-header') == 4) {
34 print "X-XSS-Protection: 1; report=/security/contentSecurityPolicy/resou rces/nonesuch.php; mode=block; \n"; 29 print "X-XSS-Protection: 1; report=/security/contentSecurityPolicy/resou rces/nonesuch.php; mode=block; \n";
35 } 30 }
36 } 31 } elsif ($cgi->param('malformed-header')) {
37
38 if ($cgi->param('malformed-header')) {
39 if ($cgi->param('malformed-header') == 1) { 32 if ($cgi->param('malformed-header') == 1) {
40 print "X-XSS-Protection: 12345678901234567\n"; 33 print "X-XSS-Protection: 12345678901234567\n";
41 } 34 }
42 if ($cgi->param('malformed-header') == 2) { 35 if ($cgi->param('malformed-header') == 2) {
43 print "X-XSS-Protection: red\n"; 36 print "X-XSS-Protection: red\n";
44 } 37 }
45 if ($cgi->param('malformed-header') == 3) { 38 if ($cgi->param('malformed-header') == 3) {
46 print "X-XSS-Protection: 1; mode=purple\n"; 39 print "X-XSS-Protection: 1; mode=purple\n";
47 } 40 }
48 if ($cgi->param('malformed-header') == 4) { 41 if ($cgi->param('malformed-header') == 4) {
49 print "X-XSS-Protection: 1; mode=block-a-block-block\n"; 42 print "X-XSS-Protection: 1; mode=block-a-block-block\n";
50 } 43 }
51 if ($cgi->param('malformed-header') == 5) { 44 if ($cgi->param('malformed-header') == 5) {
52 print "X-XSS-Protection: 1; mode=block; report\n"; 45 print "X-XSS-Protection: 1; mode=block; report\n";
53 } 46 }
54 if ($cgi->param('malformed-header') == 6) { 47 if ($cgi->param('malformed-header') == 6) {
55 print "X-XSS-Protection: 1; report= ;\n"; 48 print "X-XSS-Protection: 1; report= ;\n";
56 } 49 }
57 if ($cgi->param('malformed-header') == 7) { 50 if ($cgi->param('malformed-header') == 7) {
58 print "X-XSS-Protection: 1; red\n"; 51 print "X-XSS-Protection: 1; red\n";
59 } 52 }
60 if ($cgi->param('malformed-header') == 8) { 53 if ($cgi->param('malformed-header') == 8) {
61 print "X-XSS-Protection: 1; mode=block; report=/fail; mode=block;\n"; 54 print "X-XSS-Protection: 1; mode=block; report=/fail; mode=block;\n";
62 } 55 }
63 if ($cgi->param('malformed-header') == 9) { 56 if ($cgi->param('malformed-header') == 9) {
64 print "X-XSS-Protection: 1; mode=block; report=/fail; report=/fail;\n"; 57 print "X-XSS-Protection: 1; mode=block; report=/fail; report=/fail;\n";
65 } 58 }
59 } else {
60 print "X-XSS-Protection: 1\n";
66 } 61 }
67 62
68 print "Content-Type: text/html; charset="; 63 print "Content-Type: text/html; charset=";
69 print $cgi->param('charset') ? $cgi->param('charset') : "UTF-8"; 64 print $cgi->param('charset') ? $cgi->param('charset') : "UTF-8";
70 print "\n\n"; 65 print "\n\n";
71 66
72 print "<!DOCTYPE html>\n"; 67 print "<!DOCTYPE html>\n";
73 print "<html>\n"; 68 print "<html>\n";
74 if ($cgi->param('wait-for-load')) { 69 if ($cgi->param('wait-for-load')) {
75 print "<script>\n"; 70 print "<script>\n";
(...skipping 65 matching lines...) Expand 10 before | Expand all | Expand 10 after
141 if ($cgi->param('echo-report')) { 136 if ($cgi->param('echo-report')) {
142 print "<script src=/security/contentSecurityPolicy/resources/go-to-echo-repo rt.js></script>\n"; 137 print "<script src=/security/contentSecurityPolicy/resources/go-to-echo-repo rt.js></script>\n";
143 } 138 }
144 print "Page rendered here.\n"; 139 print "Page rendered here.\n";
145 if ($cgi->param('inHead')) { 140 if ($cgi->param('inHead')) {
146 print "</head>\n"; 141 print "</head>\n";
147 } else { 142 } else {
148 print "</body>\n"; 143 print "</body>\n";
149 } 144 }
150 print "</html>\n"; 145 print "</html>\n";
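Review bot: The new `else` on new-side lines 59–60 only fires when none of the selector parameters is present, so a request such as `valid-header=5` or `malformed-header=10` now enters its `elsif` branch, matches no inner `== N` test, and emits no X-XSS-Protection header at all — indistinguishable from a request that asked for no header, so the test silently runs against the browser default rather than the explicit `1` the new branch appears intended to supply. If that is intended, a one-line comment above the `else` (`# Default: auditor enabled in filter mode; unrecognised selector values emit no header at all`) would make it explicit; otherwise an inner `else` in the `valid-header` and `malformed-header` branches could fall through to the same default line. The repeated `$cgi->param('valid-header') == N` and `$cgi->param('malformed-header') == N` calls would also read better hoisted into one `my $valid = $cgi->param('valid-header');` / `my $malformed = $cgi->param('malformed-header');` above the chain, which additionally avoids re-parsing the query for every comparison. Unrelated to this change but visible in the section: the `test` and `charset` parameters are concatenated straight into response header values without validation, which is acceptable for a layout-test fixture served from the test harness but deserves a comment next to the existing hard-coded-headers note stating that the script assumes trusted test URLs. 65 lines of the file are collapsed in the middle of this section and were not reviewed.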