OLD | NEW |
1 <!DOCTYPE html><html><head></head><body><iframe id="x" name="x" src="/security/x
ssAuditor/resources/echo-intertag.pl?q=%3cscript%3ealert(/xss/)%3c/script%3e"></
iframe> | 1 <!DOCTYPE html><html><head></head><body><iframe id="x" name="x" src="/security/x
ssAuditor/resources/echo-intertag.pl?q=%3cscript%3ealert(/xss/)%3c/script%3e"></
iframe> |
2 <script> | 2 <script> |
3 var frame = document.getElementById('x'); | 3 var frame = document.getElementById('x'); |
4 if (window.testRunner) { | 4 if (window.testRunner) { |
5 testRunner.waitUntilDone(); | 5 testRunner.waitUntilDone(); |
6 testRunner.setXSSAuditorEnabled(true); | 6 testRunner.setXSSAuditorEnabled(true); |
7 testRunner.dumpAsMarkup(); | 7 testRunner.dumpAsMarkup(); |
8 testRunner.dumpChildFramesAsMarkup(); | 8 testRunner.dumpChildFramesAsMarkup(); |
9 testRunner.setViewSourceForFrame('x', true); | 9 testRunner.setViewSourceForFrame('x', true); |
10 frame.onload = testRunner.notifyDone.bind(testRunner); | 10 frame.onload = testRunner.notifyDone.bind(testRunner); |
11 } | 11 } |
12 frame.src = '/security/xssAuditor/resources/echo-intertag.pl?q=%3cscript%3ealert
(/xss/)%3c/script%3e'; | 12 frame.src = '/security/xssAuditor/resources/echo-intertag.pl?q=%3cscript%3ealert
(/xss/)%3c/script%3e'; |
13 </script> | 13 </script> |
14 <p>This test passes if the iframe is rendered in view-source mode such that scri
pt doesn't execute and | 14 <p>This test passes if the iframe is rendered in view-source mode such that scri
pt doesn't execute and |
15 instead the "alert(/xss/)" is in a highlighted span.</p> | 15 instead the "alert(/xss/)" is in a highlighted span.</p> |
16 | 16 |
17 </body></html> | 17 </body></html> |
18 | 18 |
19 -------- | 19 -------- |
20 Frame: 'x' | 20 Frame: 'x' |
21 -------- | 21 -------- |
22 <html><head></head><body><div class="webkit-line-gutter-backdrop"></div><table><
tbody><tr><td class="webkit-line-number" value="1"></td><td class="webkit-line-c
ontent"><span class="webkit-html-doctype"><!DOCTYPE html></span></td></tr>
<tr><td class="webkit-line-number" value="2"></td><td class="webkit-line-content
"><span class="webkit-html-tag"><html></span></td></tr><tr><td class="webk
it-line-number" value="3"></td><td class="webkit-line-content"><span class="webk
it-html-tag"><body></span></td></tr><tr><td class="webkit-line-number" val
ue="4"></td><td class="webkit-line-content"><span class="webkit-html-tag"><sc
ript></span><span class="webkit-highlight" title="Token contains a reflected
XSS vector">alert(/xss/)</span><span class="webkit-html-tag"></script></sp
an><span class="webkit-html-tag"></body></span></td></tr><tr><td class="we
bkit-line-number" value="5"></td><td class="webkit-line-content"><span class="we
bkit-html-tag"></html></span></td></tr><tr><td class="webkit-line-number"
value="6"></td><td class="webkit-line-content"><span class="webkit-html-end-of-f
ile"></span></td></tr></tbody></table></body></html> | 22 <html><head></head><body><div class="line-gutter-backdrop"></div><table><tbody><
tr><td class="line-number" value="1"></td><td class="line-content"><span class="
html-doctype"><!DOCTYPE html></span></td></tr><tr><td class="line-number"
value="2"></td><td class="line-content"><span class="html-tag"><html></spa
n></td></tr><tr><td class="line-number" value="3"></td><td class="line-content">
<span class="html-tag"><body></span></td></tr><tr><td class="line-number"
value="4"></td><td class="line-content"><span class="html-tag"><script></s
pan><span class="highlight" title="Token contains a reflected XSS vector">alert(
/xss/)</span><span class="html-tag"></script></span><span class="html-tag"
></body></span></td></tr><tr><td class="line-number" value="5"></td><td cl
ass="line-content"><span class="html-tag"></html></span></td></tr><tr><td
class="line-number" value="6"></td><td class="line-content"><span class="html-en
d-of-file"></span></td></tr></tbody></table></body></html> |