OLD | NEW |
1 <!DOCTYPE html> | 1 <!DOCTYPE html> |
2 <html> | 2 <html> |
3 <head> | 3 <head> |
4 <script> | 4 <script> |
5 if (window.testRunner) { | 5 if (window.testRunner) { |
6 testRunner.dumpAsText(); | 6 testRunner.dumpAsText(); |
7 testRunner.dumpChildFramesAsText(); | 7 testRunner.dumpChildFramesAsText(); |
8 testRunner.setXSSAuditorEnabled(true); | 8 testRunner.setXSSAuditorEnabled(true); |
9 testRunner.waitUntilDone(); | 9 testRunner.waitUntilDone(); |
10 } | 10 } |
11 </script> | 11 </script> |
12 </head> | 12 </head> |
13 <body> | 13 <body> |
14 <p>Test for use of original post body in redirect. If the auditor fires, | 14 <p>Test for use of original post body in redirect. If the auditor fires, |
15 we've got a false positive from that.</p> | 15 we've got a false positive from that.</p> |
16 <iframe name="tg" src="about:blank"></iframe> | 16 <iframe name="tg" src="about:blank"></iframe> |
17 <form target="tg" method="POST" id="theForm" | 17 <form target="tg" method="POST" id="theForm" |
18 action="resources/redir.php?url=http://localhost:8000/security/xssAuditor/reso
urces/static-script.html%3fdecoy=<script>"> | 18 action="resources/redir.php?url=http://localhost:8000/security/xssAuditor/reso
urces/static-script.php%3fdecoy=<script>"> |
19 <input type="text" name="yourname" value="hunter"/> | 19 <input type="text" name="yourname" value="hunter"/> |
20 <input type="text" name="required for activation" value="<>"/> | 20 <input type="text" name="required for activation" value="<>"/> |
21 </form> | 21 </form> |
22 <script> | 22 <script> |
23 document.getElementById('theForm').submit(); | 23 document.getElementById('theForm').submit(); |
24 </script> | 24 </script> |
25 </body> | 25 </body> |
26 </html> | 26 </html> |
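Review bot: Nothing in this file ends the test. Line 9 calls `testRunner.waitUntilDone()` and no `notifyDone()` appears here, so completion presumably depends on the redirect target, which line 18 now switches to `static-script.php`. If that resource is missing or never signals completion, the run times out instead of failing clearly, and a timeout does not show whether the auditor raised the false positive this test guards against. I would record the dependency next to the form, e.g. `<!-- resources/static-script.php is expected to call testRunner.notifyDone(); the POSTed "<>" field and the decoy parameter are there to activate the auditor, and it must not block the static script in the redirected response -->`. It is also worth confirming that the expected-results file was regenerated against the new target, since `dumpChildFramesAsText()` captures the frame's content.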
OLD | NEW |