third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/form-action-token-fragment.html - Issue 2868973003: XSSAuditor: truncate form action attribute like other src-like attributes

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Side by Side Diff: third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/form-action-token-fragment.html

Issue 2868973003: XSSAuditor: truncate form action attribute like other src-like attributes (Closed)

Patch Set: rebase, update expectation Created 3 years, 7 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

OLD	NEW
	(Empty)
1 <!DOCTYPE html>

2 <html>

3 <head>

4 <script>

5 if (window.testRunner) {

6 testRunner.dumpAsText();

7 testRunner.dumpChildFramesAsText();

8 testRunner.waitUntilDone();

9 testRunner.setXSSAuditorEnabled(true);

10 }

11 function done()

12 {

13 if (window.testRunner)

14 testRunner.notifyDone();

15 }

16 </script>

17 </head>

18 <body>

19 This test shows that the XSSAuditor can not be induced to fire against a leading

20 substring of an otherwise unknown attribute.

21 <iframe id="myframe"></iframe>

22 <script>

23 var pad = '11111111111111111111111111111111111111111111111111111';

24 var guess = 'action%3d%22http://localhost:8000/foo%3fpad%3d' + pad + '%26tok%3d1 234'

25 var src = 'resources/echo-form-action.pl?add-token=1&q=http://localhost:8000/foo %3fpad%3d' + pad + '&guess=' + guess;

26 document.getElementById('myframe').src = src;

27 </script>

28 </body>

29 </html>

OLD	NEW