Index: LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-10-expected.txt |
diff --git a/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-10-expected.txt b/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-10-expected.txt |
new file mode 100644 |
index 0000000000000000000000000000000000000000..1609c4b8bab64430ba92dbf9ce235e5e70cc9167 |
--- /dev/null |
+++ b/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-10-expected.txt |
@@ -0,0 +1,10 @@ |
+CONSOLE ERROR: line 1: Error parsing header X-XSS-Protection: 0; mode=block: '0' disables protections, and may not be followed by any characters at character position 0. The default protections will be applied. |
+CONSOLE ERROR: line 4: The XSS Auditor refused to execute a script in 'http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?notifyDone=1&malformed-header=10&q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E%3Cp%3EIf%20you%20see%20this%20message%20and%20no%20JavaScript%20alert()%20then%20the%20test%20PASSED.%3C/p%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header. |
+This tests that a malformed X-XSS-Protection header that disables the Auditor and puts it into block mode is ignored, and that an error is reported. |
+ |
+ |
+ |
+-------- |
+Frame: 'frame' |
+-------- |
+If you see this message and no JavaScript alert() then the test PASSED. |