third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/script-tag-with-actual-comma-expected.txt - Issue 2524013002: XSS Auditor: Block by default.

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Side by Side Diff: third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/script-tag-with-actual-comma-expected.txt

Issue 2524013002: XSS Auditor: Block by default. (Closed)

Patch Set: Rebase+Test Created 4 years ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

OLD	NEW
1 CONSOLE ERROR: line 4: The XSS Auditor refused to execute a script in 'http://lo calhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Cscript%3E/*/0, 0/,*/-alert(0)%3C/script%3E' because its source code was found within the reque st. The auditor was enabled as the server did not send an 'X-XSS-Protection' hea der.	1 CONSOLE ERROR: line 4: The XSS Auditor refused to execute a script in 'http://lo calhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Cscript%3E/*/0, 0/,*/-alert(0)%3C/script%3E' because its source code was found within the reque st. The server sent an 'X-XSS-Protection' header requesting this behavior.

2	2

3 Test that the XSSAuditor's tolerance for the IIS webserver's comma concatenation doesn't open holes when the reflected argument contains an actual comma. The te st passes if the XSSAuditor logs console messages and no alerts fire.	3 Test that the XSSAuditor's tolerance for the IIS webserver's comma concatenation doesn't open holes when the reflected argument contains an actual comma. The te st passes if the XSSAuditor logs console messages and no alerts fire.

OLD	NEW