Changeset 143920 in webkit
- Timestamp: Feb 25, 2013 6:53:52 AM
- Location: trunk/LayoutTests
- Files: 40 added, 13 deleted, 3 edited, 1 copied, 1 moved
trunk/LayoutTests/ChangeLog
r143916 r143920 1 2013-02-25 Mike West <mkwst@chromium.org> 2 3 XSSAuditor tests shouldn't depend on IFrames's load order. 4 https://bugs.webkit.org/show_bug.cgi?id=110737 5 6 Reviewed by Jochen Eisinger. 7 8 Various tests under http/tests/security/xssAuditor actually wrap up 9 multiple test cases under a single HTML file by loading a variety of 10 IFrames. Currently, the error messages that these tests expect aren't 11 detailed enough to distinguish between the order in which the IFrames 12 load: they all generate the same error, so the ordering is irrelevant. 13 14 Before we increase the error message detail in webkit.org/b/110733, we 15 need to ensure that these tests don't rely on load order. One option 16 is to serialize the IFrame loading by chaining onload events, but that 17 seems like a slow way of doing things. This patch takes a different 18 approach, breaking the multiple-IFrame tests into many single-IFrame 19 tests (which should be more shardable, and actually execute more quickly 20 in the long run). 21 22 * http/tests/security/xssAuditor/open-iframe-src-expected.txt: Removed. 23 * http/tests/security/xssAuditor/open-iframe-src.html: Removed. 24 * http/tests/security/xssAuditor/open-script-src-expected.txt: Removed. 25 * http/tests/security/xssAuditor/open-script-src.html: Removed. 26 * http/tests/security/xssAuditor/property-escape-comment-expected.txt: Removed. 27 * http/tests/security/xssAuditor/property-escape-comment.html: Removed. 28 * http/tests/security/xssAuditor/property-escape-entity-expected.txt: Removed. 29 * http/tests/security/xssAuditor/property-escape-entity.html: Removed. 30 * http/tests/security/xssAuditor/property-escape-quote-expected.txt: Removed. 31 * http/tests/security/xssAuditor/property-escape-quote.html: Removed. 32 * http/tests/security/xssAuditor/script-tag-with-comma-expected.txt: Removed. 33 * http/tests/security/xssAuditor/script-tag-with-comma.html: Removed. 
34 * http/tests/security/xssAuditor/script-tag-with-source-unterminated-expected.txt: Removed. 35 * http/tests/security/xssAuditor/script-tag-with-source-unterminated.html: Removed. 36 Removed these tests, breaking them into multiple single-IFrame HTML files. 37 * http/tests/security/xssAuditor/open-iframe-src-01.html: Added. 38 * http/tests/security/xssAuditor/open-iframe-src-02.html: Added. 39 * http/tests/security/xssAuditor/open-script-src-01-expected.txt: Added. 40 * http/tests/security/xssAuditor/open-script-src-01.html: Added. 41 * http/tests/security/xssAuditor/open-script-src-02-expected.txt: Added. 42 * http/tests/security/xssAuditor/open-script-src-02.html: Added. 43 * http/tests/security/xssAuditor/open-script-src-03-expected.txt: Added. 44 * http/tests/security/xssAuditor/open-script-src-03.html: Added. 45 * http/tests/security/xssAuditor/open-script-src-04-expected.txt: Added. 46 * http/tests/security/xssAuditor/open-script-src-04.html: Added. 47 * http/tests/security/xssAuditor/property-escape-comment-01-expected.txt: Added. 48 * http/tests/security/xssAuditor/property-escape-comment-01.html: Added. 49 * http/tests/security/xssAuditor/property-escape-comment-02-expected.txt: Added. 50 * http/tests/security/xssAuditor/property-escape-comment-02.html: Added. 51 * http/tests/security/xssAuditor/property-escape-comment-03-expected.txt: Added. 52 * http/tests/security/xssAuditor/property-escape-comment-03.html: Added. 53 * http/tests/security/xssAuditor/property-escape-entity-01-expected.txt: Added. 54 * http/tests/security/xssAuditor/property-escape-entity-01.html: Added. 55 * http/tests/security/xssAuditor/property-escape-entity-02-expected.txt: Added. 56 * http/tests/security/xssAuditor/property-escape-entity-02.html: Added. 57 * http/tests/security/xssAuditor/property-escape-entity-03-expected.txt: Added. 58 * http/tests/security/xssAuditor/property-escape-entity-03.html: Added. 59 * http/tests/security/xssAuditor/property-escape-quote-01.html: Added. 
60 * http/tests/security/xssAuditor/property-escape-quote-02.html: Added. 61 * http/tests/security/xssAuditor/property-escape-quote-03.html: Added. 62 * http/tests/security/xssAuditor/script-tag-with-comma-01-expected.txt: Added. 63 * http/tests/security/xssAuditor/script-tag-with-comma-01.html: Added. 64 * http/tests/security/xssAuditor/script-tag-with-comma-02-expected.txt: Added. 65 * http/tests/security/xssAuditor/script-tag-with-comma-02.html: Added. 66 * http/tests/security/xssAuditor/script-tag-with-source-unterminated-01-expected.txt: Added. 67 * http/tests/security/xssAuditor/script-tag-with-source-unterminated-01.html: Added. 68 * http/tests/security/xssAuditor/script-tag-with-source-unterminated-02-expected.txt: Added. 69 * http/tests/security/xssAuditor/script-tag-with-source-unterminated-02.html: Added. 70 * http/tests/security/xssAuditor/script-tag-with-source-unterminated-03-expected.txt: Added. 71 * http/tests/security/xssAuditor/script-tag-with-source-unterminated-03.html: Added. 72 * http/tests/security/xssAuditor/script-tag-with-trailing-comment5.html: Added. 73 These tests perform the same validation as the combined tests, they 74 simply do it without introducing load-order dependencies. 75 1 76 2013-02-25 Vsevolod Vlasov <vsevik@chromium.org> 2 77 -
trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-comma-01-expected.txt
r143918 r143920 1 1 CONSOLE MESSAGE: line 4: Refused to execute a JavaScript script. Source code of script found within request. 2 2 3 CONSOLE MESSAGE: line 4: Refused to execute a JavaScript script. Source code of script found within request.4 3 5 6 4 Test that the XSSAuditor catches the specific case where the IIS webserver resovles multiply occuring query parameters by concatenating them before passing the result to the application. Conceptually, its as if ?a=1&a=2 becomes ?a=1,2. The test passes if the XSSAuditor logs console messages and no alerts fire. -
trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-comma-02-expected.txt
r143918 r143920 1 1 CONSOLE MESSAGE: line 4: Refused to execute a JavaScript script. Source code of script found within request. 2 2 3 CONSOLE MESSAGE: line 4: Refused to execute a JavaScript script. Source code of script found within request.4 3 5 6 4 Test that the XSSAuditor catches the specific case where the IIS webserver resovles multiply occuring query parameters by concatenating them before passing the result to the application. Conceptually, its as if ?a=1&a=2 becomes ?a=1,2. The test passes if the XSSAuditor logs console messages and no alerts fire. -
trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-trailing-comment2-expected.txt
r136657 r143920 1 1 CONSOLE MESSAGE: line 5: Refused to execute a JavaScript script. Source code of script found within request. 2 2 3 CONSOLE MESSAGE: line 5: Refused to execute a JavaScript script. Source code of script found within request.4 3 5 -
trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-trailing-comment2.html
r120174 r143920 2 2 <html> 3 3 <head> 4 <script>5 if (window.testRunner) {6 testRunner.dumpAsText();7 testRunner.setXSSAuditorEnabled(true);8 }9 </script>4 <script> 5 if (window.testRunner) { 6 testRunner.dumpAsText(); 7 testRunner.setXSSAuditorEnabled(true); 8 } 9 </script> 10 10 </head> 11 11 <body> 12 <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?clutter=<i><b>&q=<script>//&q2=%0aalert(String.fromCharCode(0x58,0x53,0x53))</script>"> 13 </iframe> 14 <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?clutter=<i><b>&q=<script>x=1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1//&q2=%0aalert(String.fromCharCode(0x58,0x53,0x53))</script>"> 15 </iframe> 12 <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?clutter=<i><b>&q=<script>//&q2=%0aalert(String.fromCharCode(0x58,0x53,0x53))</script>"></iframe> 16 13 </body> 17 14 </html>
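Review bot: In the trunk/LayoutTests/ChangeLog entry, the Added list names open-iframe-src-01.html and -02.html, property-escape-quote-01.html to -03.html, and script-tag-with-trailing-comment5.html without matching -expected.txt files, although the removed open-iframe-src and property-escape-quote tests each had one. The entry lists 36 added paths while the changeset header counts 40 added, 1 copied and 1 moved, so six paths appear to be missing from the log. Please list those expectation files, or explain why these tests need none, so the entry matches what was committed.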
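Review bot: In script-tag-with-comma-01-expected.txt and script-tag-with-comma-02-expected.txt, the description still ends with "The test passes if the XSSAuditor logs console messages and no alerts fire" although each file now expects exactly one CONSOLE MESSAGE line. Change the wording in the split test pages to "logs a console message" so the stated pass criterion matches the expectation, and fix "resovles", "multiply occuring" and "its" in the same sentence while the text is being touched. The two expectation files are identical as shown, so a sentence in each test saying which of the original IFrame cases it covers would help whoever triages a failure.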
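Review bot: In script-tag-with-trailing-comment2.html, the second IFrame (the q=<script>x=1*1*1...// case) is deleted, but the ChangeLog neither lists this file or its -expected.txt as modified nor says where that case now lives. If script-tag-with-trailing-comment5.html carries it, say so in the ChangeLog so the coverage can be traced. The re-indentation of the <script> block in <head> is unrelated whitespace churn that obscures the functional change in blame; consider leaving it out of this patch.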