Index: third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/script-tag-inside-svg-tag3-expected.txt |
diff --git a/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/script-tag-inside-svg-tag3-expected.txt b/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/script-tag-inside-svg-tag3-expected.txt |
index 248b17488ef8d5f153c0bffe91535b9b69b8bb28..7f9f27d1d9ce9b64fb5d404cfa155c36f570c1dc 100644 |
--- a/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/script-tag-inside-svg-tag3-expected.txt |
+++ b/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/script-tag-inside-svg-tag3-expected.txt |
@@ -1,3 +1,3 @@ |
-CONSOLE ERROR: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?clutter=%3Cscript%3Ealert(1)%3C/script%3E&q=%3Csvg%3E%3Cscript%3E&q2=alert(0)%3C/script%3E%3C/svg%3E' because its source code was found within the request. The auditor was enabled as the server did not send an 'X-XSS-Protection' header. |
-CONSOLE ERROR: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?clutter=%3Cscript%3Ealert(1)%3C/script%3E&q=%3Csvg%3E%3Cscript%3E&q2=alert(0)%3C/script%3E%3C/svg%3E' because its source code was found within the request. The auditor was enabled as the server did not send an 'X-XSS-Protection' header. |
+CONSOLE ERROR: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?clutter=%3Cscript%3Ealert(1)%3C/script%3E&q=%3Csvg%3E%3Cscript%3E&q2=alert(0)%3C/script%3E%3C/svg%3E' because its source code was found within the request. The server sent an 'X-XSS-Protection' header requesting this behavior. |
+CONSOLE ERROR: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?clutter=%3Cscript%3Ealert(1)%3C/script%3E&q=%3Csvg%3E%3Cscript%3E&q2=alert(0)%3C/script%3E%3C/svg%3E' because its source code was found within the request. The server sent an 'X-XSS-Protection' header requesting this behavior. |
Ensures HTML entities are recognized in script blocks in a context where CDATA is allowed even with nested script blocks. |