Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(107)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: LayoutTests/http/tests/security/xssAuditor/html5-import-CORS-expected.txt

Issue 644663003: Apply XSSAuditor to html5 import (i.e. <link rel="import">) tags. (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Remove parameter name. Created 6 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « LayoutTests/http/tests/security/xssAuditor/html5-import-CORS.html ('k') | LayoutTests/http/tests/security/xssAuditor/html5-import-expected.txt » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 CONSOLE ERROR: line 4: The XSS Auditor refused to execute a script in 'http://lo calhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3clink%20rel=%22i mport%22%20href=%22http://127.0.0.1:8000/security/xssAuditor/resources/xss.js%22 %3e' because its source code was found within the request. The auditor was enabl ed as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy ' header.
2
3 This test passes if the XSSAuditor blocks the load prior to the CORS restriction kicking in. We've not bothered to enable CORS for this test, unlike what a real attacker would do, so a CORS error here means failure.
OLDNEW
« no previous file with comments | « LayoutTests/http/tests/security/xssAuditor/html5-import-CORS.html ('k') | LayoutTests/http/tests/security/xssAuditor/html5-import-expected.txt » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698