Index: LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-10.html |
diff --git a/LayoutTests/http/tests/security/xssAuditor/full-block-script-tag-with-source.html b/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-10.html |
similarity index 57% |
copy from LayoutTests/http/tests/security/xssAuditor/full-block-script-tag-with-source.html |
copy to LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-10.html |
index 928cfed075900a77f761554a48d7ec5d64903953..43cef89734a53229c092b9df8005bb894e7e4155 100644 |
--- a/LayoutTests/http/tests/security/xssAuditor/full-block-script-tag-with-source.html |
+++ b/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-10.html |
@@ -12,8 +12,8 @@ if (window.testRunner) { |
</script> |
</head> |
<body> |
-<p>There should be no content in the iframe below:</p> |
-<iframe id="frame" onload="checkIfFrameLocationMatchesSrcAndCallDone('frame')" src="http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?enable-full-block=1&q=<script src='http://localhost:8000/security/xssAuditor/resources/xss.js'></script>"> |
+<p>This tests that a malformed X-XSS-Protection header that disables the Auditor and puts it into block mode is ignored, and that an error is reported.</a></p> |
+<iframe id="frame" onload="checkIfFrameLocationMatchesSrcAndCallDone('frame')" src="http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?notifyDone=1&malformed-header=10&q=<script>alert(String.fromCharCode(0x58,0x53,0x53))</script><p>If you see this message and no JavaScript alert() then the test PASSED.</p>"> |
</iframe> |
</body> |
</html> |