Context Navigation

← Previous Changeset
Next Changeset →

Changeset 95161 in webkit

Timestamp:

Sep 14, 2011 9:24:50 PM (13 years ago)

Author:

commit-queue@webkit.org

Message:

Fix tests made trivial by the bugfix to 27895, by removing leading punctuation
which would cause early truncation of the page snippet.

https://bugs.webkit.org/show_bug.cgi?id=27895

Patch by Tom Sepez <tsepez@chromium.org> on 2011-09-14
Reviewed by Adam Barth.

http/tests/security/xssAuditor/anchor-url-dom-write-location-inline-event-null-char.html:
http/tests/security/xssAuditor/anchor-url-dom-write-location-inline-event.html:
http/tests/security/xssAuditor/anchor-url-dom-write-location-javascript-URL.html:
http/tests/security/xssAuditor/anchor-url-dom-write-location.html:
http/tests/security/xssAuditor/dom-write-URL.html:
http/tests/security/xssAuditor/dom-write-innerHTML-expected.txt:
http/tests/security/xssAuditor/dom-write-innerHTML.html:
http/tests/security/xssAuditor/dom-write-location-inline-event.html:
http/tests/security/xssAuditor/dom-write-location-javascript-URL.html:
http/tests/security/xssAuditor/dom-write-location.html:
http/tests/security/xssAuditor/full-block-get-from-iframe.html:
http/tests/security/xssAuditor/full-block-javascript-link.html:
http/tests/security/xssAuditor/full-block-link-onclick.html:
http/tests/security/xssAuditor/full-block-post-from-iframe.html:
http/tests/security/xssAuditor/full-block-script-tag.html:
http/tests/security/xssAuditor/get-from-iframe.html:
http/tests/security/xssAuditor/iframe-javascript-url-twice-url-encode.html:
http/tests/security/xssAuditor/iframe-javascript-url-twice-url-encode2.html:
http/tests/security/xssAuditor/iframe-javascript-url-twice-url-encode3.html:
http/tests/security/xssAuditor/img-onerror-tricky.html:
http/tests/security/xssAuditor/javascript-link-null-char.html:
http/tests/security/xssAuditor/javascript-link-one-plus-one.html:
http/tests/security/xssAuditor/javascript-link.html:
http/tests/security/xssAuditor/link-onclick-ampersand.html:
http/tests/security/xssAuditor/link-onclick-control-char.html:
http/tests/security/xssAuditor/link-onclick-entities.html:
http/tests/security/xssAuditor/link-onclick-null-char.html:
http/tests/security/xssAuditor/link-onclick.html:
http/tests/security/xssAuditor/link-opens-new-window.html:
http/tests/security/xssAuditor/malformed-xss-protection-header.html:
http/tests/security/xssAuditor/open-attribute-body.html:
http/tests/security/xssAuditor/open-event-handler-iframe.html:
http/tests/security/xssAuditor/post-from-iframe.html:
http/tests/security/xssAuditor/property-escape-comment.html:
http/tests/security/xssAuditor/property-escape-entity.html:
http/tests/security/xssAuditor/property-escape-noquotes-expected.txt:
http/tests/security/xssAuditor/property-escape-noquotes-tab-slash-chars-expected.txt:
http/tests/security/xssAuditor/property-escape-noquotes-tab-slash-chars.html:
http/tests/security/xssAuditor/property-escape-noquotes.html:
http/tests/security/xssAuditor/property-escape-quote.html:
http/tests/security/xssAuditor/property-escape.html:
http/tests/security/xssAuditor/property-inject-expected.txt:
http/tests/security/xssAuditor/property-inject.html:
http/tests/security/xssAuditor/script-tag-addslashes-backslash.html:
http/tests/security/xssAuditor/script-tag-addslashes-double-quote.html:
http/tests/security/xssAuditor/script-tag-addslashes-null-char.html:
http/tests/security/xssAuditor/script-tag-addslashes-single-quote.html:
http/tests/security/xssAuditor/script-tag-control-char.html:
http/tests/security/xssAuditor/script-tag-entities.html:
http/tests/security/xssAuditor/script-tag-null-char.html:
http/tests/security/xssAuditor/script-tag-open-redirect.html:
http/tests/security/xssAuditor/script-tag-post-control-char.html:
http/tests/security/xssAuditor/script-tag-post-null-char.html:
http/tests/security/xssAuditor/script-tag-post.html:
http/tests/security/xssAuditor/script-tag-redirect.html:
http/tests/security/xssAuditor/script-tag-with-fancy-unicode.html:
http/tests/security/xssAuditor/script-tag-with-invalid-url-encoding.html:
http/tests/security/xssAuditor/script-tag-with-three-times-url-encoded-16bit-unicode.html:
http/tests/security/xssAuditor/script-tag.html:
http/tests/security/xssAuditor/xss-protection-parsing-01.html:

Location:

trunk/LayoutTests

Files:

: 61 edited

ChangeLog (modified) (1 diff)
http/tests/security/xssAuditor/anchor-url-dom-write-location-inline-event-null-char.html (modified) (1 diff)
http/tests/security/xssAuditor/anchor-url-dom-write-location-inline-event.html (modified) (1 diff)
http/tests/security/xssAuditor/anchor-url-dom-write-location-javascript-URL.html (modified) (1 diff)
http/tests/security/xssAuditor/anchor-url-dom-write-location.html (modified) (1 diff)
http/tests/security/xssAuditor/dom-write-URL.html (modified) (1 diff)
http/tests/security/xssAuditor/dom-write-innerHTML-expected.txt (modified) (1 diff)
http/tests/security/xssAuditor/dom-write-innerHTML.html (modified) (1 diff)
http/tests/security/xssAuditor/dom-write-location-inline-event.html (modified) (1 diff)
http/tests/security/xssAuditor/dom-write-location-javascript-URL.html (modified) (1 diff)
http/tests/security/xssAuditor/dom-write-location.html (modified) (1 diff)
http/tests/security/xssAuditor/full-block-get-from-iframe.html (modified) (1 diff)
http/tests/security/xssAuditor/full-block-javascript-link.html (modified) (1 diff)
http/tests/security/xssAuditor/full-block-link-onclick.html (modified) (1 diff)
http/tests/security/xssAuditor/full-block-post-from-iframe.html (modified) (1 diff)
http/tests/security/xssAuditor/full-block-script-tag.html (modified) (1 diff)
http/tests/security/xssAuditor/get-from-iframe.html (modified) (1 diff)
http/tests/security/xssAuditor/iframe-javascript-url-twice-url-encode.html (modified) (1 diff)
http/tests/security/xssAuditor/iframe-javascript-url-twice-url-encode2.html (modified) (1 diff)
http/tests/security/xssAuditor/iframe-javascript-url-twice-url-encode3.html (modified) (1 diff)
http/tests/security/xssAuditor/img-onerror-tricky.html (modified) (1 diff)
http/tests/security/xssAuditor/javascript-link-null-char.html (modified) (1 diff)
http/tests/security/xssAuditor/javascript-link-one-plus-one.html (modified) (1 diff)
http/tests/security/xssAuditor/javascript-link.html (modified) (1 diff)
http/tests/security/xssAuditor/link-onclick-ampersand.html (modified) (1 diff)
http/tests/security/xssAuditor/link-onclick-control-char.html (modified) (1 diff)
http/tests/security/xssAuditor/link-onclick-entities.html (modified) (1 diff)
http/tests/security/xssAuditor/link-onclick-null-char.html (modified) (1 diff)
http/tests/security/xssAuditor/link-onclick.html (modified) (1 diff)
http/tests/security/xssAuditor/link-opens-new-window.html (modified) (1 diff)
http/tests/security/xssAuditor/malformed-xss-protection-header.html (modified) (1 diff)
http/tests/security/xssAuditor/open-attribute-body.html (modified) (1 diff)
http/tests/security/xssAuditor/open-event-handler-iframe.html (modified) (1 diff)
http/tests/security/xssAuditor/post-from-iframe.html (modified) (1 diff)
http/tests/security/xssAuditor/property-escape-comment.html (modified) (1 diff)
http/tests/security/xssAuditor/property-escape-entity.html (modified) (1 diff)
http/tests/security/xssAuditor/property-escape-noquotes-expected.txt (modified) (1 diff)
http/tests/security/xssAuditor/property-escape-noquotes-tab-slash-chars-expected.txt (modified) (1 diff)
http/tests/security/xssAuditor/property-escape-noquotes-tab-slash-chars.html (modified) (1 diff)
http/tests/security/xssAuditor/property-escape-noquotes.html (modified) (1 diff)
http/tests/security/xssAuditor/property-escape-quote.html (modified) (1 diff)
http/tests/security/xssAuditor/property-escape.html (modified) (1 diff)
http/tests/security/xssAuditor/property-inject-expected.txt (modified) (1 diff)
http/tests/security/xssAuditor/property-inject.html (modified) (1 diff)
http/tests/security/xssAuditor/script-tag-addslashes-backslash.html (modified) (1 diff)
http/tests/security/xssAuditor/script-tag-addslashes-double-quote.html (modified) (1 diff)
http/tests/security/xssAuditor/script-tag-addslashes-null-char.html (modified) (1 diff)
http/tests/security/xssAuditor/script-tag-addslashes-single-quote.html (modified) (1 diff)
http/tests/security/xssAuditor/script-tag-control-char.html (modified) (1 diff)
http/tests/security/xssAuditor/script-tag-entities.html (modified) (1 diff)
http/tests/security/xssAuditor/script-tag-null-char.html (modified) (1 diff)
http/tests/security/xssAuditor/script-tag-open-redirect.html (modified) (1 diff)
http/tests/security/xssAuditor/script-tag-post-control-char.html (modified) (1 diff)
http/tests/security/xssAuditor/script-tag-post-null-char.html (modified) (1 diff)
http/tests/security/xssAuditor/script-tag-post.html (modified) (1 diff)
http/tests/security/xssAuditor/script-tag-redirect.html (modified) (1 diff)
http/tests/security/xssAuditor/script-tag-with-fancy-unicode.html (modified) (1 diff)
http/tests/security/xssAuditor/script-tag-with-invalid-url-encoding.html (modified) (1 diff)
http/tests/security/xssAuditor/script-tag-with-three-times-url-encoded-16bit-unicode.html (modified) (1 diff)
http/tests/security/xssAuditor/script-tag.html (modified) (1 diff)
http/tests/security/xssAuditor/xss-protection-parsing-01.html (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

trunk/LayoutTests/ChangeLog

-                      r95155
+                      r95161
+-09-14  Tom Sepez  <tsepez@chromium.org>
+        Fix tests made trivial by the bugfix to 27895, by removing leading punctuation
+        which would cause early truncation of the page snippet.
+        https://bugs.webkit.org/show_bug.cgi?id=27895
+        Reviewed by Adam Barth.
+        * http/tests/security/xssAuditor/anchor-url-dom-write-location-inline-event-null-char.html:
+        * http/tests/security/xssAuditor/anchor-url-dom-write-location-inline-event.html:
+        * http/tests/security/xssAuditor/anchor-url-dom-write-location-javascript-URL.html:
+        * http/tests/security/xssAuditor/anchor-url-dom-write-location.html:
+        * http/tests/security/xssAuditor/dom-write-URL.html:
+        * http/tests/security/xssAuditor/dom-write-innerHTML-expected.txt:
+        * http/tests/security/xssAuditor/dom-write-innerHTML.html:
+        * http/tests/security/xssAuditor/dom-write-location-inline-event.html:
+        * http/tests/security/xssAuditor/dom-write-location-javascript-URL.html:
+        * http/tests/security/xssAuditor/dom-write-location.html:
+        * http/tests/security/xssAuditor/full-block-get-from-iframe.html:
+        * http/tests/security/xssAuditor/full-block-javascript-link.html:
+        * http/tests/security/xssAuditor/full-block-link-onclick.html:
+        * http/tests/security/xssAuditor/full-block-post-from-iframe.html:
+        * http/tests/security/xssAuditor/full-block-script-tag.html:
+        * http/tests/security/xssAuditor/get-from-iframe.html:
+        * http/tests/security/xssAuditor/iframe-javascript-url-twice-url-encode.html:
+        * http/tests/security/xssAuditor/iframe-javascript-url-twice-url-encode2.html:
+        * http/tests/security/xssAuditor/iframe-javascript-url-twice-url-encode3.html:
+        * http/tests/security/xssAuditor/img-onerror-tricky.html:
+        * http/tests/security/xssAuditor/javascript-link-null-char.html:
+        * http/tests/security/xssAuditor/javascript-link-one-plus-one.html:
+        * http/tests/security/xssAuditor/javascript-link.html:
+        * http/tests/security/xssAuditor/link-onclick-ampersand.html:
+        * http/tests/security/xssAuditor/link-onclick-control-char.html:
+        * http/tests/security/xssAuditor/link-onclick-entities.html:
+        * http/tests/security/xssAuditor/link-onclick-null-char.html:
+        * http/tests/security/xssAuditor/link-onclick.html:
+        * http/tests/security/xssAuditor/link-opens-new-window.html:
+        * http/tests/security/xssAuditor/malformed-xss-protection-header.html:
+        * http/tests/security/xssAuditor/open-attribute-body.html:
+        * http/tests/security/xssAuditor/open-event-handler-iframe.html:
+        * http/tests/security/xssAuditor/post-from-iframe.html:
+        * http/tests/security/xssAuditor/property-escape-comment.html:
+        * http/tests/security/xssAuditor/property-escape-entity.html:
+        * http/tests/security/xssAuditor/property-escape-noquotes-expected.txt:
+        * http/tests/security/xssAuditor/property-escape-noquotes-tab-slash-chars-expected.txt:
+        * http/tests/security/xssAuditor/property-escape-noquotes-tab-slash-chars.html:
+        * http/tests/security/xssAuditor/property-escape-noquotes.html:
+        * http/tests/security/xssAuditor/property-escape-quote.html:
+        * http/tests/security/xssAuditor/property-escape.html:
+        * http/tests/security/xssAuditor/property-inject-expected.txt:
+        * http/tests/security/xssAuditor/property-inject.html:
+        * http/tests/security/xssAuditor/script-tag-addslashes-backslash.html:
+        * http/tests/security/xssAuditor/script-tag-addslashes-double-quote.html:
+        * http/tests/security/xssAuditor/script-tag-addslashes-null-char.html:
+        * http/tests/security/xssAuditor/script-tag-addslashes-single-quote.html:
+        * http/tests/security/xssAuditor/script-tag-control-char.html:
+        * http/tests/security/xssAuditor/script-tag-entities.html:
+        * http/tests/security/xssAuditor/script-tag-null-char.html:
+        * http/tests/security/xssAuditor/script-tag-open-redirect.html:
+        * http/tests/security/xssAuditor/script-tag-post-control-char.html:
+        * http/tests/security/xssAuditor/script-tag-post-null-char.html:
+        * http/tests/security/xssAuditor/script-tag-post.html:
+        * http/tests/security/xssAuditor/script-tag-redirect.html:
+        * http/tests/security/xssAuditor/script-tag-with-fancy-unicode.html:
+        * http/tests/security/xssAuditor/script-tag-with-invalid-url-encoding.html:
+        * http/tests/security/xssAuditor/script-tag-with-three-times-url-encoded-16bit-unicode.html:
+        * http/tests/security/xssAuditor/script-tag.html:
+        * http/tests/security/xssAuditor/xss-protection-parsing-01.html:
 -09-14  Henrik Grunell  <grunell@google.com>

trunk/LayoutTests/http/tests/security/xssAuditor/anchor-url-dom-write-location-inline-event-null-char.html

r45639	r95161
11	11	</head>
12	12	<body>
13		<iframe src='http://localhost:8000/security/xssAuditor/resources/anchor-url-dom-write-location-click.html#%3Ca%20id%3D%22anchorLink%22%20href%3D%22%23%22%20onclick%3D%22al%00ert%28~~/XSS/~~%29%22%3EClick%3C/a%3E'>
	13	<iframe src='http://localhost:8000/security/xssAuditor/resources/anchor-url-dom-write-location-click.html#%3Ca%20id%3D%22anchorLink%22%20href%3D%22%23%22%20onclick%3D%22al%00ert%280%29%22%3EClick%3C/a%3E'>
14	14	</iframe>
15	15	</body>

trunk/LayoutTests/http/tests/security/xssAuditor/anchor-url-dom-write-location-inline-event.html

r45314	r95161
11	11	</head>
12	12	<body>
13		<iframe src='http://localhost:8000/security/xssAuditor/resources/anchor-url-dom-write-location-click.html#%3Ca%20id%3D%22anchorLink%22%20href%3D%22%23%22%20onclick%3D%22alert%28~~/XSS/~~%29%22%3EClick%3C/a%3E'>
	13	<iframe src='http://localhost:8000/security/xssAuditor/resources/anchor-url-dom-write-location-click.html#%3Ca%20id%3D%22anchorLink%22%20href%3D%22%23%22%20onclick%3D%22alert%280%29%22%3EClick%3C/a%3E'>
14	14	</iframe>
15	15	</body>

trunk/LayoutTests/http/tests/security/xssAuditor/anchor-url-dom-write-location-javascript-URL.html

r45314	r95161
11	11	</head>
12	12	<body>
13		<iframe src='http://localhost:8000/security/xssAuditor/resources/anchor-url-dom-write-location-click.html#%3Ca%20id=%22anchorLink%22%20href=%22javascript:alert(~~/XSS/~~)%22%3EClick%3C/a%3E'>
	13	<iframe src='http://localhost:8000/security/xssAuditor/resources/anchor-url-dom-write-location-click.html#%3Ca%20id=%22anchorLink%22%20href=%22javascript:alert(String.fromCharCode(0x58,0x53,0x53))%22%3EClick%3C/a%3E'>
14	14	</iframe>
15	15	</body>

trunk/LayoutTests/http/tests/security/xssAuditor/anchor-url-dom-write-location.html

r45314	r95161
10	10	</head>
11	11	<body>
12		<iframe src='http://localhost:8000/security/xssAuditor/resources/echo-dom-write-location.html?#<script>alert(~~/XSS/~~)</script>'>
	12	<iframe src='http://localhost:8000/security/xssAuditor/resources/echo-dom-write-location.html?#<script>alert(String.fromCharCode(0x58,0x53,0x53))</script>'>
13	13	</iframe>
14	14	</body>

trunk/LayoutTests/http/tests/security/xssAuditor/dom-write-URL.html

r45314	r95161
10	10	</head>
11	11	<body>
12		<iframe src='http://localhost:8000/security/xssAuditor/resources/echo-dom-write-URL.html?q=<script>alert(~~/XSS/~~)</script>'>
	12	<iframe src='http://localhost:8000/security/xssAuditor/resources/echo-dom-write-URL.html?q=<script>alert(String.fromCharCode(0x58,0x53,0x53))</script>'>
13	13	</iframe>
14	14	</body>

trunk/LayoutTests/http/tests/security/xssAuditor/dom-write-innerHTML-expected.txt

r79554	r95161
1		ALERT: ~~/XSS/~~
	1	ALERT: XSS
2	2

trunk/LayoutTests/http/tests/security/xssAuditor/dom-write-innerHTML.html

r65987	r95161
16	16	</head>
17	17	<body>
18		<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-dom-write-innerHTML.html?q=<img src='about:blank' onerror='alert(~~/XSS/~~)'>">
	18	<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-dom-write-innerHTML.html?q=<img src='about:blank' onerror='alert(String.fromCharCode(0x58,0x53,0x53))'>">
19	19	</iframe>
20	20	</body>

trunk/LayoutTests/http/tests/security/xssAuditor/dom-write-location-inline-event.html

r45314	r95161
11	11	</head>
12	12	<body>
13		<iframe src='http://localhost:8000/security/xssAuditor/resources/anchor-url-dom-write-location-click.html?%3Ca%20id%3D%22anchorLink%22%20href%3D%22%23%22%20onclick%3D%22alert%28~~/XSS/~~%29%22%3EClick%3C/a%3E'>
	13	<iframe src='http://localhost:8000/security/xssAuditor/resources/anchor-url-dom-write-location-click.html?%3Ca%20id%3D%22anchorLink%22%20href%3D%22%23%22%20onclick%3D%22alert%280%29%22%3EClick%3C/a%3E'>
14	14	</iframe>
15	15	</body>

trunk/LayoutTests/http/tests/security/xssAuditor/dom-write-location-javascript-URL.html

r45314	r95161
11	11	</head>
12	12	<body>
13		<iframe src='http://localhost:8000/security/xssAuditor/resources/anchor-url-dom-write-location-click.html?%3Ca%20id=%22anchorLink%22%20href=%22javascript:alert(~~/XSS/~~)%22%3EClick%3C/a%3E'>
	13	<iframe src='http://localhost:8000/security/xssAuditor/resources/anchor-url-dom-write-location-click.html?%3Ca%20id=%22anchorLink%22%20href=%22javascript:alert(String.fromCharCode(0x58,0x53,0x53))%22%3EClick%3C/a%3E'>
14	14	</iframe>
15	15	</body>

trunk/LayoutTests/http/tests/security/xssAuditor/dom-write-location.html

r45314	r95161
10	10	</head>
11	11	<body>
12		<iframe src='http://localhost:8000/security/xssAuditor/resources/echo-dom-write-location.html?q=<script>alert(~~/XSS/~~)</script>'>
	12	<iframe src='http://localhost:8000/security/xssAuditor/resources/echo-dom-write-location.html?q=<script>alert(String.fromCharCode(0x58,0x53,0x53))</script>'>
13	13	</iframe>
14	14	</body>

trunk/LayoutTests/http/tests/security/xssAuditor/full-block-get-from-iframe.html

r54202	r95161
17	17	window.onload = function()
18	18	{
19		sendRequestFromIFrame("http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl","enable-full-block=1&q=<script>alert(~~/XSS/~~)<\/script>","GET", done);
	19	sendRequestFromIFrame("http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl","enable-full-block=1&q=<script>alert(String.fromCharCode(0x58,0x53,0x53))<\/script>","GET", done);
20	20	};
21	21	</script>

trunk/LayoutTests/http/tests/security/xssAuditor/full-block-javascript-link.html

r54202	r95161
14	14	<body>
15	15	<p>There should be no content in the iframe below:</p>
16		<iframe id="frame" onload="checkIfFrameLocationMatchesURLAndCallDone('frame', 'about:blank')" src='http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag-click-and-notify.pl?enable-full-block=1&elmid=anchorLink&q=%3Ca+id%3DanchorLink+href%3Djavascript%3Aalert%28~~/XSS/~~%29%3Etest%3C/a%3E'>
	16	<iframe id="frame" onload="checkIfFrameLocationMatchesURLAndCallDone('frame', 'about:blank')" src='http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag-click-and-notify.pl?enable-full-block=1&elmid=anchorLink&q=%3Ca+id%3DanchorLink+href%3Djavascript%3Aalert%280%29%3Etest%3C/a%3E'>
17	17	</iframe>
18	18	</body>

trunk/LayoutTests/http/tests/security/xssAuditor/full-block-link-onclick.html

r54202	r95161
14	14	<body>
15	15	<p>There should be no content in the iframe below:</p>
16		<iframe id="frame" onload="checkIfFrameLocationMatchesURLAndCallDone('frame', 'about:blank')" src="http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?enable-full-block=1&q=<a%20onclick='alert(~~/XSS/~~)'>Click</a>">
	16	<iframe id="frame" onload="checkIfFrameLocationMatchesURLAndCallDone('frame', 'about:blank')" src="http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?enable-full-block=1&q=<a%20onclick='alert(String.fromCharCode(0x58,0x53,0x53))'>Click</a>">
17	17	</iframe>
18	18	</body>

trunk/LayoutTests/http/tests/security/xssAuditor/full-block-post-from-iframe.html

r54202	r95161
17	17	window.onload = function()
18	18	{
19		sendRequestFromIFrame("http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl","enable-full-block=1&q=<script>alert(~~/XSS/~~)<\/script>","POST", done);
	19	sendRequestFromIFrame("http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl","enable-full-block=1&q=<script>alert(String.fromCharCode(0x58,0x53,0x53))<\/script>","POST", done);
20	20	};
21	21	</script>

trunk/LayoutTests/http/tests/security/xssAuditor/full-block-script-tag.html

r54202	r95161
14	14	<body>
15	15	<p>There should be no content in the iframe below:</p>
16		<iframe id="frame" onload="checkIfFrameLocationMatchesURLAndCallDone('frame', 'about:blank')" src="http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?enable-full-block=1&q=<script>alert(~~/XSS/~~)</script>">
	16	<iframe id="frame" onload="checkIfFrameLocationMatchesURLAndCallDone('frame', 'about:blank')" src="http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?enable-full-block=1&q=<script>alert(String.fromCharCode(0x58,0x53,0x53))</script>">
17	17	</iframe>
18	18	</body>

trunk/LayoutTests/http/tests/security/xssAuditor/get-from-iframe.html

r52687	r95161
11	11	window.onload = function()
12	12	{
13		sendRequestFromIFrame("http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl","notifyDone=1&q=<script>alert(~~/XSS/~~)<\/script>","GET");
	13	sendRequestFromIFrame("http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl","notifyDone=1&q=<script>alert(String.fromCharCode(0x58,0x53,0x53))<\/script>","GET");
14	14	};
15	15	</script>

trunk/LayoutTests/http/tests/security/xssAuditor/iframe-javascript-url-twice-url-encode.html

r49434	r95161
10	10	</head>
11	11	<body>
12		<iframe src='http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<iframe src="javascript: %250Aalert(~~/XSS/~~)"></iframe>'>
	12	<iframe src='http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<iframe src="javascript: %250Aalert(String.fromCharCode(0x58,0x53,0x53))"></iframe>'>
13	13	</iframe>
14	14	</body>

trunk/LayoutTests/http/tests/security/xssAuditor/iframe-javascript-url-twice-url-encode2.html

r49434	r95161
10	10	</head>
11	11	<body>
12		<iframe src='http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<iframe src="javascript: //%250Aalert(~~/XSS/~~)"></iframe>'>
	12	<iframe src='http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<iframe src="javascript: //%250Aalert(String.fromCharCode(0x58,0x53,0x53))"></iframe>'>
13	13	</iframe>
14	14	</body>

trunk/LayoutTests/http/tests/security/xssAuditor/iframe-javascript-url-twice-url-encode3.html

r49434	r95161
10	10	</head>
11	11	<body>
12		<iframe src='http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<iframe src="javascript://%250Aalert(~~/XSS/~~)"></iframe>'>
	12	<iframe src='http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<iframe src="javascript://%250Aalert(String.fromCharCode(0x58,0x53,0x53))"></iframe>'>
13	13	</iframe>
14	14	</body>

trunk/LayoutTests/http/tests/security/xssAuditor/img-onerror-tricky.html

r44985	r95161
10	10	</head>
11	11	<body>
12		<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Cimg%20src=1%20'onerror=alert(~~/XSS/~~)%3E">
	12	<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Cimg%20src=1%20'onerror=alert(String.fromCharCode(0x58,0x53,0x53))%3E">
13	13	</iframe>
14	14	</body>

trunk/LayoutTests/http/tests/security/xssAuditor/javascript-link-null-char.html

r45749	r95161
11	11	</head>
12	12	<body>
13		<iframe src='http://localhost:8000/security/xssAuditor/resources/echo-intertag-click-and-notify.pl?elmid=anchorLink&q=%3Ca+id%3DanchorLink+href%3Djavascript%3Aal%00ert%28~~/XSS/~~%29%3Etest%3C/a%3E'>
	13	<iframe src='http://localhost:8000/security/xssAuditor/resources/echo-intertag-click-and-notify.pl?elmid=anchorLink&q=%3Ca+id%3DanchorLink+href%3Djavascript%3Aal%00ert%280%29%3Etest%3C/a%3E'>
14	14	</iframe>
15	15	</body>

trunk/LayoutTests/http/tests/security/xssAuditor/javascript-link-one-plus-one.html

r78776	r95161
11	11	</head>
12	12	<body>
13		<iframe src='http://localhost:8000/security/xssAuditor/resources/echo-intertag-click-and-notify.pl?elmid=anchorLink&q=%3Ca+id%3DanchorLink+href%3Djavascript%3Aalert%28~~/XSS/~~%29%3Etest%3C/a%3E'>
	13	<iframe src='http://localhost:8000/security/xssAuditor/resources/echo-intertag-click-and-notify.pl?elmid=anchorLink&q=%3Ca+id%3DanchorLink+href%3Djavascript%3Aalert%280%29%3Etest%3C/a%3E'>
14	14	</iframe>
15	15	</body>

trunk/LayoutTests/http/tests/security/xssAuditor/javascript-link.html

r45749	r95161
11	11	</head>
12	12	<body>
13		<iframe src='http://localhost:8000/security/xssAuditor/resources/echo-intertag-click-and-notify.pl?elmid=anchorLink&q=%3Ca+id%3DanchorLink+href%3Djavascript%3Aalert%28~~/XSS/~~%29%3Etest%3C/a%3E'>
	13	<iframe src='http://localhost:8000/security/xssAuditor/resources/echo-intertag-click-and-notify.pl?elmid=anchorLink&q=%3Ca+id%3DanchorLink+href%3Djavascript%3Aalert%280%29%3Etest%3C/a%3E'>
14	14	</iframe>
15	15	</body>

trunk/LayoutTests/http/tests/security/xssAuditor/link-onclick-ampersand.html

r46086	r95161
10	10	</head>
11	11	<body>
12		<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<a%20onclick='alert(~~/%26XSS/~~)'>Click</a>">
	12	<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<a%20onclick='alert(1%261)'>Click</a>">
13	13	</iframe>
14	14	</body>

trunk/LayoutTests/http/tests/security/xssAuditor/link-onclick-control-char.html

r45639	r95161
10	10	</head>
11	11	<body>
12		<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<a%20onclick='al%05ert(~~/XSS/~~)'>Click</a>">
	12	<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<a%20onclick='al%05ert(0)'>Click</a>">
13	13	</iframe>
14	14	</body>

trunk/LayoutTests/http/tests/security/xssAuditor/link-onclick-entities.html

r45752	r95161
10	10	</head>
11	11	<body>
12		<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<a%20href='about:blank'%20onclick='alert(~~/XSS/~~)//%26amp%3Bcopy%3B'>Click</a>">
	12	<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<a%20href='about:blank'%20onclick='alert(String.fromCharCode(0x58,0x53,0x53))//%26amp%3Bcopy%3B'>Click</a>">
13	13	</iframe>
14	14	</body>

trunk/LayoutTests/http/tests/security/xssAuditor/link-onclick-null-char.html

r45639	r95161
10	10	</head>
11	11	<body>
12		<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<a%20onclick='al%00ert(~~/XSS/~~)'>Click</a>">
	12	<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<a%20onclick='al%00ert(0)'>Click</a>">
13	13	</iframe>
14	14	</body>

trunk/LayoutTests/http/tests/security/xssAuditor/link-onclick.html

r44985	r95161
10	10	</head>
11	11	<body>
12		<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<a%20onclick='alert(~~/XSS/~~)'>Click</a>">
	12	<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<a%20onclick='alert(String.fromCharCode(0x58,0x53,0x53))'>Click</a>">
13	13	</iframe>
14	14	</body>

trunk/LayoutTests/http/tests/security/xssAuditor/link-opens-new-window.html

r52688	r95161
20	20	</head>
21	21	<body>
22		<a id="anchorLink" href="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?notifyDone=1&q=<script>alert(~~/XSS/~~)</script>" target="_blank">Click me</a>
	22	<a id="anchorLink" href="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?notifyDone=1&q=<script>alert(String.fromCharCode(0x58,0x53,0x53))</script>" target="_blank">Click me</a>
23	23	</body>
24	24	</html>

trunk/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header.html

r56295	r95161
14	14	<body>
15	15	<p>This tests that the X-XSS-Protection header is not ignored when the length of its value exceeds <a href="https://bugs.webkit.org/show_bug.cgi?id=27312#c13">16 characters.</a></p>
16		<iframe id="frame" onload="checkIfFrameLocationMatchesURLAndCallDone('frame', 'about:blank')" src="http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?notifyDone=1&custom-header=X-XSS-Protection: 12345678901234567&q=<script>alert(~~/XSS/~~)</script><p>If you see this message and no JavaScript alert() then the test PASSED.</p>">
	16	<iframe id="frame" onload="checkIfFrameLocationMatchesURLAndCallDone('frame', 'about:blank')" src="http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?notifyDone=1&custom-header=X-XSS-Protection: 12345678901234567&q=<script>alert(String.fromCharCode(0x58,0x53,0x53))</script><p>If you see this message and no JavaScript alert() then the test PASSED.</p>">
17	17	</iframe>
18	18	</body>

trunk/LayoutTests/http/tests/security/xssAuditor/open-attribute-body.html

r78776	r95161
10	10	</head>
11	11	<body>
12		<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-property.pl?q=%22%20onload=alert(~~/XSS/~~)//">
	12	<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-property.pl?q=%22%20onload=alert(String.fromCharCode(0x58,0x53,0x53))//">
13	13	</iframe>
14	14	</body>

trunk/LayoutTests/http/tests/security/xssAuditor/open-event-handler-iframe.html

r78776	r95161
10	10	</head>
11	11	<body>
12		<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<iframe%20onload=alert(~~/XSS/~~)//">
	12	<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<iframe%20onload=alert(String.fromCharCode(0x58,0x53,0x53))//">
13	13	</iframe>
14	14	</body>

trunk/LayoutTests/http/tests/security/xssAuditor/post-from-iframe.html

r52687	r95161
11	11	window.onload = function()
12	12	{
13		sendRequestFromIFrame("http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl","notifyDone=1&q=<script>alert(~~/XSS/~~)<\/script>","POST");
	13	sendRequestFromIFrame("http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl","notifyDone=1&q=<script>alert(String.fromCharCode(0x58,0x53,0x53))<\/script>","POST");
14	14	};
15	15	</script>

trunk/LayoutTests/http/tests/security/xssAuditor/property-escape-comment.html

-                      r95065
+                      r95161
 </head>
 <body>
 <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-property.pl?clutter=5xyzblah&q=%22%20onload=%22alert(/XSS1/)//">
+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-property.pl?clutter=5xyzblah&q=%22%20onload=%22alert(1)//">
 </iframe>
 <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-property.pl?q=%22%20onload=%22alert(/XSS2/)/">
+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-property.pl?q=%22%20onload=%22alert(2)/">
 </iframe>
 </body>

trunk/LayoutTests/http/tests/security/xssAuditor/property-escape-entity.html

-                      r95065
+                      r95161
 </head>
 <body>
 <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-property.pl?clutter=blah&q=%22%20onload=%22alert(/XSS/)%26%23x2f%26%2347">
+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-property.pl?clutter=blah&q=%22%20onload=%22alert(String.fromCharCode(0x58,0x53,0x53))%26%23x2f%26%2347">
 </iframe>
 <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-property.pl?clutter=blah&q=%22%20onload=alert(/XSS/)-%26quot">
+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-property.pl?clutter=blah&q=%22%20onload=alert(String.fromCharCode(0x58,0x53,0x53))-%26quot">
 </iframe>
 <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-property.pl?clutter=blah&q=%22%20onload=%22alert(/XSS/)-%26">
+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-property.pl?clutter=blah&q=%22%20onload=%22alert(String.fromCharCode(0x58,0x53,0x53))-%26">
 </iframe>
 </iframe>

trunk/LayoutTests/http/tests/security/xssAuditor/property-escape-noquotes-expected.txt

r48961	r95161
1		ALERT: ~~/XSS/~~
	1	ALERT: XSS
2	2	This test fails because the XSSAuditor allows requests that do not contain illegal URI characters. Thus, the XSSAuditor does not detect breaking out of an unquoted property. A future update may reinstate this functionality.
3	3

trunk/LayoutTests/http/tests/security/xssAuditor/property-escape-noquotes-tab-slash-chars-expected.txt

r48961	r95161
1		ALERT: ~~/XSS/~~
	1	ALERT: XSS
2	2	This test fails because the XSSAuditor allows requests that do not contain illegal URI characters. Thus, the XSSAuditor does not detect breaking out of an unquoted property. A future update may reinstate this functionality.
3	3

trunk/LayoutTests/http/tests/security/xssAuditor/property-escape-noquotes-tab-slash-chars.html

r48961	r95161
13	13	the XSSAuditor does not detect breaking out of an unquoted property. A future update may reinstate this
14	14	functionality.</p>
15		<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-property-noquotes.pl?q=dummy%09/onload=alert(~~/XSS/~~)&dummy=dummy">
	15	<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-property-noquotes.pl?q=dummy%09/onload=alert(String.fromCharCode(0x58,0x53,0x53))&dummy=dummy">
16	16	</iframe>
17	17	</body>

trunk/LayoutTests/http/tests/security/xssAuditor/property-escape-noquotes.html

r48961	r95161
13	13	the XSSAuditor does not detect breaking out of an unquoted property. A future update may reinstate this
14	14	functionality.</p>
15		<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-property-noquotes.pl?q=1%20onload=alert(~~/XSS/~~)">
	15	<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-property-noquotes.pl?q=1%20onload=alert(String.fromCharCode(0x58,0x53,0x53))">
16	16	</iframe>
17	17	</body>

trunk/LayoutTests/http/tests/security/xssAuditor/property-escape-quote.html

-                      r95065
+                      r95161
 </head>
 <body>
 <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-property.pl?clutter=5xyzblah&q=%22%20onload=alert(/XSS1/)-%22">
+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-property.pl?clutter=5xyzblah&q=%22%20onload=alert(1)-%22">
 </iframe>
 <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-property.pl?clutter=5xyzblah&q=%22%20onload=alert(/XSS2/)-%27">
+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-property.pl?clutter=5xyzblah&q=%22%20onload=alert(2)-%27">
 </iframe>
 <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-property.pl?clutter=5xyzblah&q=%22%20onload=alert(/XSS3/)-%27%22%27%22">
+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-property.pl?clutter=5xyzblah&q=%22%20onload=alert(3)-%27%22%27%22">
 </iframe>
 </body>

trunk/LayoutTests/http/tests/security/xssAuditor/property-escape.html

r44985	r95161
10	10	</head>
11	11	<body>
12		<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-property.pl?q=%22%20onload=%22alert(~~/XSS/~~)">
	12	<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-property.pl?q=%22%20onload=%22alert(String.fromCharCode(0x58,0x53,0x53))">
13	13	</iframe>
14	14	</body>

trunk/LayoutTests/http/tests/security/xssAuditor/property-inject-expected.txt

r48961	r95161
1		ALERT: ~~/XSS/~~
	1	ALERT: XSS
2	2	This test fails because the XSSAuditor allows requests that do not contain illegal URI characters. Thus, the XSSAuditor does not detect the injection of an inline event handler within a tag. A future update may reinstate this functionality.
3	3

trunk/LayoutTests/http/tests/security/xssAuditor/property-inject.html

r48961	r95161
13	13	the XSSAuditor does not detect the injection of an inline event handler within a tag. A future update may
14	14	reinstate this functionality.</p>
15		<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-inner-tag.pl?q=onload=alert(~~/XSS/~~)">
	15	<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-inner-tag.pl?q=onload=alert(String.fromCharCode(0x58,0x53,0x53))">
16	16	</iframe>
17	17	</body>

trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-addslashes-backslash.html

r46250	r95161
10	10	</head>
11	11	<body>
12		<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag-addslashes.pl?q=%3Cscript%3Evar+bogus%3D/%5C/%3Balert%28~~/XSS/~~%29%3B%3C/script%3E">
	12	<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag-addslashes.pl?q=%3Cscript%3Evar+bogus%3D/%5C/%3Balert%280%29%3B%3C/script%3E">
13	13	</iframe>
14	14	</body>

trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-addslashes-double-quote.html

r46250	r95161
10	10	</head>
11	11	<body>
12		<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag-addslashes.pl?q=%3Cscript%3Evar+bogus%3D/%22/%3Balert%28~~/XSS/~~%29%3B%3C/script%3E">
	12	<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag-addslashes.pl?q=%3Cscript%3Evar+bogus%3D/%22/%3Balert%280%29%3B%3C/script%3E">
13	13	</iframe>
14	14	</body>

trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-addslashes-null-char.html

r46250	r95161
10	10	</head>
11	11	<body>
12		<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag-addslashes.pl?q=%3Cscript%3Evar+bogus%3D/%00/%3Balert%28~~/XSS/~~%29%3B%3C/script%3E">
	12	<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag-addslashes.pl?q=%3Cscript%3Evar+bogus%3D/%00/%3Balert%280%29%3B%3C/script%3E">
13	13	</iframe>
14	14	</body>

trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-addslashes-single-quote.html

r46250	r95161
10	10	</head>
11	11	<body>
12		<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag-addslashes.pl?q=%3Cscript%3Evar+bogus%3D/%27/%3Balert%28~~/XSS/~~%29%3B%3C/script%3E">
	12	<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag-addslashes.pl?q=%3Cscript%3Evar+bogus%3D/%27/%3Balert%280%29%3B%3C/script%3E">
13	13	</iframe>
14	14	</body>

trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-control-char.html

r45461	r95161
10	10	</head>
11	11	<body>
12		<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<script>alert(~~/XSS/~~)//h%01</script>">
	12	<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<script>alert(String.fromCharCode(0x58,0x53,0x53))//h%01</script>">
13	13	</iframe>
14	14	</body>

trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-entities.html

r45752	r95161
10	10	</head>
11	11	<body>
12		<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<script>alert(~~/XSS/~~)//%26amp%3Bcopy%3B</script>">
	12	<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<script>alert(String.fromCharCode(0x58,0x53,0x53))//%26amp%3Bcopy%3B</script>">
13	13	</iframe>
14	14	</body>

trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-null-char.html

r45461	r95161
10	10	</head>
11	11	<body>
12		<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<script>al%00ert(~~/XSS/~~)</script>">
	12	<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<script>al%00ert(0)</script>">
13	13	</iframe>
14	14	</body>

trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-open-redirect.html

r44985	r95161
10	10	</head>
11	11	<body>
12		<iframe src="http://localhost:8000/security/xssAuditor/resources/redir.php?url=http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<script>alert(~~/XSS/~~)</script>">
	12	<iframe src="http://localhost:8000/security/xssAuditor/resources/redir.php?url=http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<script>alert(String.fromCharCode(0x58,0x53,0x53))</script>">
13	13	</iframe>
14	14	</body>

trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-post-control-char.html

r52688	r95161
15	15	action="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl">
16	16	<input type="hidden" name="notifyDone" value="1">
17		<input type="text" name="q" value="<script>alert(~~/XSS%05/~~)</script>">
	17	<input type="text" name="q" value="<script>alert(XSS%05)</script>">
18	18	</form>
19	19	<script>

trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-post-null-char.html

r52688	r95161
15	15	action="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl">
16	16	<input type="hidden" name="notifyDone" value="1">
17		<input type="text" name="q" value="<script>al%00ert(~~/XSS/~~)</script>">
	17	<input type="text" name="q" value="<script>al%00ert(0)</script>">
18	18	</form>
19	19	<script>

trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-post.html

r52688	r95161
15	15	action="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl">
16	16	<input type="hidden" name="notifyDone" value="1">
17		<input type="text" name="q" value="<script>alert(~~/XSS/~~)</script>">
	17	<input type="text" name="q" value="<script>alert(String.fromCharCode(0x58,0x53,0x53))</script>">
18	18	</form>
19	19	<script>

trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-redirect.html

r44985	r95161
10	10	</head>
11	11	<body>
12		<iframe src="resources/redir.php?url=http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<script>alert(~~/XSS/~~)</script>">
	12	<iframe src="resources/redir.php?url=http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<script>alert(String.fromCharCode(0x58,0x53,0x53))</script>">
13	13	</iframe>
14	14	</body>

trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-fancy-unicode.html

r78776	r95161
10	10	</head>
11	11	<body>
12		<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<script>%u0061lert(~~/XSS/~~)</script>">
	12	<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<script>%u0061lert(0)</script>">
13	13	</iframe>
14	14	</body>

trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-invalid-url-encoding.html

r78776	r95161
10	10	</head>
11	11	<body>
12		<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<script>alert(~~/XSS%/~~)</script>">
	12	<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<script>alert(1%1)</script>">
13	13	</iframe>
14	14	</body>

trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-three-times-url-encoded-16bit-unicode.html

r94828	r95161
10	10	</head>
11	11	<body>
12		<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<script>%252525u0061lert(~~/XSS/~~)</script>">
	12	<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<script>%252525u0061lert(0)</script>">
13	13	</iframe>
14	14	</body>

trunk/LayoutTests/http/tests/security/xssAuditor/script-tag.html

r44985	r95161
10	10	</head>
11	11	<body>
12		<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<script>alert(~~/XSS/~~)</script>">
	12	<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<script>alert(String.fromCharCode(0x58,0x53,0x53))</script>">
13	13	</iframe>
14	14	</body>

trunk/LayoutTests/http/tests/security/xssAuditor/xss-protection-parsing-01.html

r56979	r95161
17	17	window.onload = function()
18	18	{
19		sendRequestFromIFrame("http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl","crazy-header=1&q=<script>alert(~~/XSS/~~)<\/script>","POST", done);
	19	sendRequestFromIFrame("http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl","crazy-header=1&q=<script>alert(String.fromCharCode(0x58,0x53,0x53))<\/script>","POST", done);
20	20	};
21	21	</script>

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 95161 in webkit

Legend:

Download in other formats: