Chromium Code Reviews

Issue 420603003: Better distinguish between blocked and empty pages in XSS filter tests. (Closed)

Created: 6 years, 5 months ago by Tom Sepez
Modified: 6 years, 5 months ago
Reviewers: Mike West
CC: blink-reviews, shans, rjwright, Mike Lawther (Google), blink-reviews-animation_chromium.org, dstockwell, Timothy Loh, darktears, Steve Block, mkwst+watchlist_chromium.org, Eric Willigers
Project: blink
Visibility: Public.

Description

Better distinguish between blocked and empty pages in XSS filter tests.

We currently detect the XSSAuditor's fully-blocked frames by the inability of a parent frame to access their contents due to the cross-origin "data:," URL they are redirected to as a result of the block. An example of this technique is the "cross origin frame" console message present in many CSP tests.

Before we can improve the mechanism by which fully-blocked frames are handled, we need to stop relying on this side-effect. Instead, it is better to dump all child frames, and see if they have partial contents. But to do this we must ensure that all tests put some minimal content into the frame, otherwise a blocked frame and an empty frame produce identical output. We do this in the echo-intertag.pl file.

This was split off from a forthcoming CL to reduce the file count in that CL.

Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=178939

Patch Set 1
Patch Set 2 : Re-generate correctly.
Patch Set 3 : Remove stray file.

Stats: +163 lines, -14 lines

M LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-allow-allow-expected.txt (1 chunk, +5 lines, -0 lines)
M LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-allow-block-expected.txt (1 chunk, +5 lines, -0 lines)
M LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-allow-filter-expected.txt (1 chunk, +5 lines, -0 lines)
M LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-allow-invalid-expected.txt (1 chunk, +5 lines, -0 lines)
M LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-allow-unset-expected.txt (1 chunk, +5 lines, -0 lines)
M LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-block-allow-expected.txt (1 chunk, +5 lines, -0 lines)
M LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-block-block-expected.txt (1 chunk, +5 lines, -0 lines)
M LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-block-filter-expected.txt (1 chunk, +5 lines, -0 lines)
M LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-block-invalid-expected.txt (1 chunk, +5 lines, -0 lines)
M LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-block-unset-expected.txt (1 chunk, +5 lines, -0 lines)
M LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-filter-allow-expected.txt (1 chunk, +5 lines, -0 lines)
M LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-filter-block-expected.txt (1 chunk, +5 lines, -0 lines)
M LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-filter-filter-expected.txt (1 chunk, +5 lines, -0 lines)
M LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-filter-invalid-expected.txt (1 chunk, +5 lines, -0 lines)
M LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-filter-unset-expected.txt (1 chunk, +5 lines, -0 lines)
M LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-invalid-allow-expected.txt (1 chunk, +5 lines, -0 lines)
M LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-invalid-block-expected.txt (1 chunk, +5 lines, -0 lines)
M LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-invalid-filter-expected.txt (1 chunk, +5 lines, -0 lines)
M LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-invalid-invalid-expected.txt (1 chunk, +5 lines, -0 lines)
M LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-invalid-unset-expected.txt (1 chunk, +5 lines, -0 lines)
M LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-unset-allow-expected.txt (1 chunk, +5 lines, -0 lines)
M LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-unset-block-expected.txt (1 chunk, +5 lines, -0 lines)
M LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-unset-filter-expected.txt (1 chunk, +5 lines, -0 lines)
M LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-unset-invalid-expected.txt (1 chunk, +5 lines, -0 lines)
M LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-unset-unset-expected.txt (1 chunk, +5 lines, -0 lines)
M LayoutTests/http/tests/security/contentSecurityPolicy/resources/reflected-xss-and-xss-protection.js (1 chunk, +1 line, -0 lines)
M LayoutTests/http/tests/security/contentSecurityPolicy/xsl-blocked-expected.png (Binary file)
M LayoutTests/http/tests/security/contentSecurityPolicy/xsl-unaffected-by-style-src-1-expected.png (Binary file)
M LayoutTests/http/tests/security/xssAuditor/block-does-not-leak-location-expected.txt (1 chunk, +1 line, -1 line)
M LayoutTests/http/tests/security/xssAuditor/faux-script1-expected.txt (1 chunk, +1 line, -1 line)
M LayoutTests/http/tests/security/xssAuditor/faux-script2-expected.txt (1 chunk, +1 line, -1 line)
M LayoutTests/http/tests/security/xssAuditor/faux-script3-expected.txt (1 chunk, +1 line, -1 line)
M LayoutTests/http/tests/security/xssAuditor/full-block-iframe-no-inherit-expected.txt (1 chunk, +2 lines, -0 lines)
M LayoutTests/http/tests/security/xssAuditor/img-onerror-non-ASCII-char-expected.txt (1 chunk, +1 line, -1 line)
M LayoutTests/http/tests/security/xssAuditor/img-tag-with-comma-expected.txt (1 chunk, +1 line, -1 line)
M LayoutTests/http/tests/security/xssAuditor/malformed-HTML-expected.txt (1 chunk, +1 line, -1 line)
M LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-1-expected.txt (1 chunk, +2 lines, -0 lines)
M LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-2-expected.txt (1 chunk, +2 lines, -0 lines)
M LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-3-expected.txt (1 chunk, +2 lines, -0 lines)
M LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-4-expected.txt (1 chunk, +2 lines, -0 lines)
M LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-5-expected.txt (1 chunk, +2 lines, -0 lines)
M LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-6-expected.txt (1 chunk, +2 lines, -0 lines)
M LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-7-expected.txt (1 chunk, +2 lines, -0 lines)
M LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-8-expected.txt (1 chunk, +2 lines, -0 lines)
M LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-9-expected.txt (1 chunk, +2 lines, -0 lines)
M LayoutTests/http/tests/security/xssAuditor/open-event-handler-iframe-expected.txt (1 chunk, +1 line, -1 line)
M LayoutTests/http/tests/security/xssAuditor/resources/echo-intertag.pl (1 chunk, +1 line, -0 lines)
M LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-data-url-expected.txt (1 chunk, +1 line, -1 line)
M LayoutTests/http/tests/security/xssAuditor/svg-animate-clutter-2-expected.txt (1 chunk, +1 line, -1 line)
M LayoutTests/http/tests/security/xssAuditor/svg-animate-clutter-expected.txt (1 chunk, +1 line, -1 line)
M LayoutTests/http/tests/security/xssAuditor/svg-animate-expected.txt (1 chunk, +1 line, -1 line)
M LayoutTests/http/tests/security/xssAuditor/viewsource-onmouseover-expected.txt (1 chunk, +1 line, -1 line)
M LayoutTests/http/tests/security/xssAuditor/viewsource-script-tag-expected.txt (1 chunk, +1 line, -1 line)
M LayoutTests/http/tests/security/xssAuditor/xss-protection-parsing-02-expected.txt (1 chunk, +2 lines, -0 lines)

Messages

Total messages: 6 (0 generated)
Tom Sepez
Mike, please review. Thanks!
6 years, 5 months ago (2014-07-24 23:33:20 UTC) #1
Mike West
LGTM! It took me a little while to find the actual change: would you mind ...
6 years, 5 months ago (2014-07-25 08:39:53 UTC) #2
Tom Sepez
The CQ bit was checked by tsepez@chromium.org
6 years, 5 months ago (2014-07-25 15:59:47 UTC) #3
Tom Sepez
On 2014/07/25 08:39:53, Mike West wrote:
> LGTM!
>
> It took me a little ...
6 years, 5 months ago (2014-07-25 16:00:04 UTC) #4
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/tsepez@chromium.org/420603003/40001
6 years, 5 months ago (2014-07-25 16:00:14 UTC) #5
commit-bot: I haz the power
6 years, 5 months ago (2014-07-25 16:04:01 UTC) #6
Message was sent while issue was closed.
Change committed as 178939
