OLD | NEW |
---|---|
(Empty) | |
1 CONSOLE ERROR: line 1: Error parsing header X-XSS-Protection: 0; mode=block: '0' disables protections, and may not be followed by any characters at character po sition 0. The default protections will be applied. | |
2 CONSOLE ERROR: line 4: The XSS Auditor refused to execute a script in 'http://12 7.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?notifyDone=1&malform ed-header=10&q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script% 3E%3Cp%3EIf%20you%20see%20this%20message%20and%20no%20JavaScript%20alert()%20the n%20the%20test%20PASSED.%3C/p%3E' because its source code was found within the r equest. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header. | |
3 This tests that a malformed X-XSS-Protection header that disables the Auditor an d puts it into block mode is ignored, and that an error is reported. | |
4 | |
5 | |
6 | |
7 -------- | |
8 Frame: 'frame' | |
9 -------- | |
10 If you see this message and no JavaScript alert() then the test PASSED. | |
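
Review bot: The second expected console message (new line 2) ends with "The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header", which contradicts new line 1, where the server did send `X-XSS-Protection: 0; mode=block` and it was rejected as malformed. Recording this text as the expected result locks in a message that tells anyone debugging a misconfigured header that the header is missing when it was actually present and ignored. Consider changing the refusal message for this case to say the header was invalid and the defaults were applied, then regenerating this expectation. The description on new line 3 could also state the expected fallback (default protections applied, per line 1) so the pass condition is explicit.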