| Index: LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-10.html
|
| diff --git a/LayoutTests/http/tests/security/xssAuditor/full-block-script-tag-with-source.html b/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-10.html
|
| similarity index 57%
|
| copy from LayoutTests/http/tests/security/xssAuditor/full-block-script-tag-with-source.html
|
| copy to LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-10.html
|
| index 928cfed075900a77f761554a48d7ec5d64903953..43cef89734a53229c092b9df8005bb894e7e4155 100644
|
| --- a/LayoutTests/http/tests/security/xssAuditor/full-block-script-tag-with-source.html
|
| +++ b/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-10.html
|
| @@ -12,8 +12,8 @@ if (window.testRunner) {
|
| </script>
|
| </head>
|
| <body>
|
| -<p>There should be no content in the iframe below:</p>
|
| -<iframe id="frame" onload="checkIfFrameLocationMatchesSrcAndCallDone('frame')" src="http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?enable-full-block=1&q=<script src='http://localhost:8000/security/xssAuditor/resources/xss.js'></script>">
|
| +<p>This tests that a malformed X-XSS-Protection header that disables the Auditor and puts it into block mode is ignored, and that an error is reported.</a></p>
|
| +<iframe id="frame" onload="checkIfFrameLocationMatchesSrcAndCallDone('frame')" src="http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?notifyDone=1&malformed-header=10&q=<script>alert(String.fromCharCode(0x58,0x53,0x53))</script><p>If you see this message and no JavaScript alert() then the test PASSED.</p>">
|
| </iframe>
|
| </body>
|
| </html>
|
|
|
Chromium Code Reviews
Issue 90993003:
X-XSS-Protection parser shoud reject '0; mode=block' (Closed)
Base URL: svn://svn.chromium.org/blink/trunk