OLD | NEW |
1 <!DOCTYPE html> | 1 <!DOCTYPE html> |
2 <html> | 2 <html> |
3 <head> | 3 <head> |
4 <script src="http://localhost:8000/security/xssAuditor/resources/utilities.js"><
/script> | 4 <script src="/security/xssAuditor/resources/utilities.js"></script> |
5 <script> | 5 <script> |
6 if (window.testRunner) { | 6 if (window.testRunner) { |
7 testRunner.dumpAsText(); | 7 testRunner.dumpAsText(); |
8 testRunner.dumpChildFramesAsText(); | 8 testRunner.dumpChildFramesAsText(); |
9 testRunner.waitUntilDone(); | 9 testRunner.waitUntilDone(); |
10 testRunner.setXSSAuditorEnabled(true); | 10 testRunner.setXSSAuditorEnabled(true); |
11 } | 11 } |
12 | 12 |
13 function checkframe() | 13 function checkframe() |
14 { | 14 { |
15 try { | 15 try { |
16 var ref = document.getElementById("frame").contentDocument.referrer; | 16 var ref = document.getElementById("frame").contentDocument.referrer; |
17 console.log('FAIL: Referrer is "' + ref + '"'); | 17 console.log('PASS: Referrer is "' + ref + '"'); |
18 } catch (e) { | 18 } catch (e) { |
19 console.log('PASS: Cross-origin access threw: \'' + e.toString() + '\'.'
); | 19 console.log('FAIL: same-origin access threw: \'' + e.toString() + '\'.')
; |
20 } | 20 } |
21 checkIfFrameLocationMatchesSrcAndCallDone('frame'); | 21 checkIfFrameLocationMatchesSrcAndCallDone('frame'); |
22 } | 22 } |
23 </script> | 23 </script> |
24 </head> | 24 </head> |
25 <body> | 25 <body> |
26 <p>There should be no content in the iframe below:</p> | 26 <p>There should be no content in the iframe below:</p> |
27 <iframe id="frame" name="frame" onload="checkframe()" src="http://127.0.0.1:8000
/security/xssAuditor/resources/echo-intertag.pl?enable-full-block=1&q=<script>al
ert(String.fromCharCode(0x58,0x53,0x53))</script>"> | 27 <iframe id="frame" name="frame" onload="checkframe()" src="http://127.0.0.1:8000
/security/xssAuditor/resources/echo-intertag.pl?enable-full-block=1&q=<script>al
ert(String.fromCharCode(0x58,0x53,0x53))</script>"> |
28 </iframe> | 28 </iframe> |
29 </body> | 29 </body> |
30 </html> | 30 </html> |
OLD | NEW |