Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(82)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: LayoutTests/http/tests/security/xssAuditor/svg-animate-clutter-expected.txt

Issue 337143004: Fix XSSAuditor handling of semicolon-separated attributes. (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: Restore lost FIXME comment. Created 6 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « LayoutTests/http/tests/security/xssAuditor/svg-animate-clutter.html ('k') | Source/core/html/parser/XSSAuditor.h » ('j') | Source/core/html/parser/XSSAuditor.cpp » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: LayoutTests/http/tests/security/xssAuditor/svg-animate-clutter-expected.txt
diff --git a/LayoutTests/http/tests/security/xssAuditor/svg-animate-expected.txt b/LayoutTests/http/tests/security/xssAuditor/svg-animate-clutter-expected.txt
similarity index 59%
copy from LayoutTests/http/tests/security/xssAuditor/svg-animate-expected.txt
copy to LayoutTests/http/tests/security/xssAuditor/svg-animate-clutter-expected.txt
index 2cf5c467c504a74101d70860c5d4acc5b765bddc..f154b30f45d844947143a46b003fc4f8a779e066 100644
--- a/LayoutTests/http/tests/security/xssAuditor/svg-animate-expected.txt
+++ b/LayoutTests/http/tests/security/xssAuditor/svg-animate-clutter-expected.txt
@@ -1,4 +1,4 @@
-CONSOLE ERROR: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Csvg%20xmlns:xlink=%27http://www.w3.org/1999/xlink%27%3E%3Ca%3E%3Ccircle%20r=100%20/%3E%3Canimate%20attributeName=xlink:href%20values=%3Bjavascript%3Aalert(1)%20begin=0s%20end=0.1s%20fill=freeze%20/%3E%3C/a%3E%3C/svg%3E&notifyDone=1&dumpElementBySelector=animate' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
+CONSOLE ERROR: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Csvg%20xmlns:xlink=%27http://www.w3.org/1999/xlink%27%3E%3Ca%3E%3Ccircle%20r=100%20/%3E%3Canimate%20attributeName=xlink:href%20values=%3Bjavascript%3Aalert(1)%3B&clutter=blah%27%3E&notifyDone=1&dumpElementBySelector=animate' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
This test passes if the element displayed in the frame below has a 'values' attribute containing only 'javascript:void(0)'.
@@ -9,7 +9,4 @@ Frame: '<!--framePath //<!--frame0-->-->'
animate => animate
* attributeName: xlink:href
* values: javascript:void(0)
-* begin: 0s
-* end: 0.1s
-* fill: freeze
« no previous file with comments | « LayoutTests/http/tests/security/xssAuditor/svg-animate-clutter.html ('k') | Source/core/html/parser/XSSAuditor.h » ('j') | Source/core/html/parser/XSSAuditor.cpp » ('J')

Powered by Google App Engine
This is Rietveld 408576698