Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(125)

Side by Side Diff: LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-10-expected.txt

Issue 90993003: X-XSS-Protection parser shoud reject '0; mode=block' (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: Created 7 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
OLDNEW
(Empty)
1 CONSOLE ERROR: line 1: Error parsing header X-XSS-Protection: 0; mode=block: '0' disables protections, and may not be followed by any characters at character po sition 0. The default protections will be applied.
2 CONSOLE ERROR: line 4: The XSS Auditor refused to execute a script in 'http://12 7.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?notifyDone=1&malform ed-header=10&q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script% 3E%3Cp%3EIf%20you%20see%20this%20message%20and%20no%20JavaScript%20alert()%20the n%20the%20test%20PASSED.%3C/p%3E' because its source code was found within the r equest. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
3 This tests that a malformed X-XSS-Protection header that disables the Auditor an d puts it into block mode is ignored, and that an error is reported.
4
5
6
7 --------
8 Frame: 'frame'
9 --------
10 If you see this message and no JavaScript alert() then the test PASSED.
OLDNEW

Powered by Google App Engine
This is Rietveld 408576698