OLD | NEW |
1 CONSOLE ERROR: line 4: The XSS Auditor blocked access to 'http://127.0.0.1:8000/
security/xssAuditor/resources/echo-intertag.pl?notifyDone=1&valid-header=3&q=%3C
script%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E%3Cp%3EIf%20you%
20see%20this%20message%20and%20no%20JavaScript%20alert()%20then%20the%20test%20P
ASSED.%3C/p%3E' because the source code of a script was found within the request
. The server sent an 'X-XSS-Protection' header requesting this behavior. | 1 CONSOLE ERROR: line 4: The XSS Auditor blocked access to 'http://127.0.0.1:8000/
security/xssAuditor/resources/echo-intertag.pl?notifyDone=1&valid-header=3&q=%3C
script%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E%3Cp%3EIf%20you%
20see%20this%20message%20and%20no%20JavaScript%20alert()%20then%20the%20test%20P
ASSED.%3C/p%3E' because the source code of a script was found within the request
. The server sent an 'X-XSS-Protection' header requesting this behavior. |
2 ALERT: URL mismatch: '[Location object access threw exception]' vs. 'http://127.
0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?notifyDone=1&valid-hea
der=3&q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E%3Cp%
3EIf%20you%20see%20this%20message%20and%20no%20JavaScript%20alert()%20then%20the
%20test%20PASSED.%3C/p%3E' | |
3 This tests that the X-XSS-Protection header is not ignored when there is a trail
ing semicolon following mode=blank. Although theoretically malformed, we tolerat
e this case without issuing an error. | 2 This tests that the X-XSS-Protection header is not ignored when there is a trail
ing semicolon following mode=blank. Although theoretically malformed, we tolerat
e this case without issuing an error. |
4 | 3 |
5 | 4 |
6 | 5 |
7 -------- | 6 -------- |
8 Frame: 'frame' | 7 Frame: 'frame' |
9 -------- | 8 -------- |
10 | 9 |
OLD | NEW |