Chromium Code Reviews

Side by Side Diff: LayoutTests/http/tests/security/xssAuditor/resources/echo-intertag.pl

Issue 90993003: X-XSS-Protection parser should reject '0; mode=block' (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: Created 7 years ago
OLDNEW
1 #!/usr/bin/perl -wT 1 #!/usr/bin/perl -wT
2 use strict; 2 use strict;
3 use CGI; 3 use CGI;
4 4
5 my $cgi = new CGI; 5 my $cgi = new CGI;
6 6
7 # Passing semicolons through the url to this script is problematic. The raw 7 # Passing semicolons through the url to this script is problematic. The raw
8 # form truncates the input and the %-encoded form isn't being decoded. Hence 8 # form truncates the input and the %-encoded form isn't being decoded. Hence
9 # this set of hard-coded headers. 9 # this set of hard-coded headers.
10 if ($cgi->param('disable-protection')) { 10 if ($cgi->param('disable-protection')) {
(...skipping 45 matching lines...)
56 } 56 }
57 if ($cgi->param('malformed-header') == 7) { 57 if ($cgi->param('malformed-header') == 7) {
58 print "X-XSS-Protection: 1; red\n"; 58 print "X-XSS-Protection: 1; red\n";
59 } 59 }
60 if ($cgi->param('malformed-header') == 8) { 60 if ($cgi->param('malformed-header') == 8) {
61 print "X-XSS-Protection: 1; mode=block; report=/fail; mode=block;\n"; 61 print "X-XSS-Protection: 1; mode=block; report=/fail; mode=block;\n";
62 } 62 }
63 if ($cgi->param('malformed-header') == 9) { 63 if ($cgi->param('malformed-header') == 9) {
64 print "X-XSS-Protection: 1; mode=block; report=/fail; report=/fail;\n"; 64 print "X-XSS-Protection: 1; mode=block; report=/fail; report=/fail;\n";
65 } 65 }
66 if ($cgi->param('malformed-header') == 10) {
67 print "X-XSS-Protection: 0; mode=block\n";
68 }
66 } 69 }
67 70
68 if ($cgi->param('csp') eq '_empty_') { 71 if ($cgi->param('csp') eq '_empty_') {
69 print "Content-Security-Policy: reflected-xss\n"; 72 print "Content-Security-Policy: reflected-xss\n";
70 } elsif ($cgi->param('csp')) { 73 } elsif ($cgi->param('csp')) {
71 print "Content-Security-Policy: reflected-xss " . $cgi->param('csp') . "\n"; 74 print "Content-Security-Policy: reflected-xss " . $cgi->param('csp') . "\n";
72 } 75 }
73 76
74 print "Content-Type: text/html; charset="; 77 print "Content-Type: text/html; charset=";
75 print $cgi->param('charset') ? $cgi->param('charset') : "UTF-8"; 78 print $cgi->param('charset') ? $cgi->param('charset') : "UTF-8";
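Review bot: The added `malformed-header` == 10 branch (new lines 66-68) has no comment saying why `0; mode=block` counts as malformed, whereas in cases 8 and 9 the duplicated `mode=block` or `report=/fail` directive makes the defect obvious from the header string alone. A one-line comment above `print "X-XSS-Protection: 0; mode=block\n";` stating that the parser is expected to reject a `0` value followed by `mode=block` would make the intent clear to anyone reading only this resource. The branch uses the same numeric `==` comparison on `$cgi->param('malformed-header')` as its neighbours, so it is consistent with the existing cases; only the header-emitting side is visible in this file, so the test that requests `malformed-header=10` and its expected output should be reviewed together with it.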
(...skipping 63 matching lines...)
139 } 142 }
140 if ($cgi->param('echo-report')) { 143 if ($cgi->param('echo-report')) {
141 print "<script src=/security/contentSecurityPolicy/resources/go-to-echo-repo rt.js></script>\n"; 144 print "<script src=/security/contentSecurityPolicy/resources/go-to-echo-repo rt.js></script>\n";
142 } 145 }
143 if ($cgi->param('inHead')) { 146 if ($cgi->param('inHead')) {
144 print "</head>\n"; 147 print "</head>\n";
145 } else { 148 } else {
146 print "</body>\n"; 149 print "</body>\n";
147 } 150 }
148 print "</html>\n"; 151 print "</html>\n";