OLD | NEW |
| (Empty) |
1 <!DOCTYPE html> | |
2 <html> | |
3 <head> | |
4 <script> | |
5 if (window.testRunner) { | |
6 testRunner.dumpAsText(); | |
7 testRunner.dumpChildFramesAsText(); | |
8 testRunner.waitUntilDone(); | |
9 testRunner.setXSSAuditorEnabled(true); | |
10 } | |
11 function done() | |
12 { | |
13 if (window.testRunner) | |
14 testRunner.notifyDone(); | |
15 } | |
16 </script> | |
17 </head> | |
18 <body> | |
19 This test shows that the XSSAuditor can not be induced to fire against a leading | |
20 substring of an otherwise unknown attribute. | |
21 <iframe id="myframe"></iframe> | |
22 <script> | |
23 var pad = '11111111111111111111111111111111111111111111111111111'; | |
24 var guess = 'action%3d%22http://localhost:8000/foo%3fpad%3d' + pad + '%26tok%3d1
234' | |
25 var src = 'resources/echo-form-action.pl?add-token=1&q=http://localhost:8000/foo
%3fpad%3d' + pad + '&guess=' + guess; | |
26 document.getElementById('myframe').src = src; | |
27 </script> | |
28 </body> | |
29 </html> | |