Changeset 95161 in webkit
- Timestamp: Sep 14, 2011 9:24:50 PM (13 years ago)
- Location: trunk/LayoutTests
- Files: 61 edited
trunk/LayoutTests/ChangeLog
r95155 r95161 1 2011-09-14 Tom Sepez <tsepez@chromium.org> 2 3 Fix tests made trivial by the bugfix to 27895, by removing leading punctuation 4 which would cause early truncation of the page snippet. 5 6 https://bugs.webkit.org/show_bug.cgi?id=27895 7 8 Reviewed by Adam Barth. 9 10 * http/tests/security/xssAuditor/anchor-url-dom-write-location-inline-event-null-char.html: 11 * http/tests/security/xssAuditor/anchor-url-dom-write-location-inline-event.html: 12 * http/tests/security/xssAuditor/anchor-url-dom-write-location-javascript-URL.html: 13 * http/tests/security/xssAuditor/anchor-url-dom-write-location.html: 14 * http/tests/security/xssAuditor/dom-write-URL.html: 15 * http/tests/security/xssAuditor/dom-write-innerHTML-expected.txt: 16 * http/tests/security/xssAuditor/dom-write-innerHTML.html: 17 * http/tests/security/xssAuditor/dom-write-location-inline-event.html: 18 * http/tests/security/xssAuditor/dom-write-location-javascript-URL.html: 19 * http/tests/security/xssAuditor/dom-write-location.html: 20 * http/tests/security/xssAuditor/full-block-get-from-iframe.html: 21 * http/tests/security/xssAuditor/full-block-javascript-link.html: 22 * http/tests/security/xssAuditor/full-block-link-onclick.html: 23 * http/tests/security/xssAuditor/full-block-post-from-iframe.html: 24 * http/tests/security/xssAuditor/full-block-script-tag.html: 25 * http/tests/security/xssAuditor/get-from-iframe.html: 26 * http/tests/security/xssAuditor/iframe-javascript-url-twice-url-encode.html: 27 * http/tests/security/xssAuditor/iframe-javascript-url-twice-url-encode2.html: 28 * http/tests/security/xssAuditor/iframe-javascript-url-twice-url-encode3.html: 29 * http/tests/security/xssAuditor/img-onerror-tricky.html: 30 * http/tests/security/xssAuditor/javascript-link-null-char.html: 31 * http/tests/security/xssAuditor/javascript-link-one-plus-one.html: 32 * http/tests/security/xssAuditor/javascript-link.html: 33 * http/tests/security/xssAuditor/link-onclick-ampersand.html: 34 * 
http/tests/security/xssAuditor/link-onclick-control-char.html: 35 * http/tests/security/xssAuditor/link-onclick-entities.html: 36 * http/tests/security/xssAuditor/link-onclick-null-char.html: 37 * http/tests/security/xssAuditor/link-onclick.html: 38 * http/tests/security/xssAuditor/link-opens-new-window.html: 39 * http/tests/security/xssAuditor/malformed-xss-protection-header.html: 40 * http/tests/security/xssAuditor/open-attribute-body.html: 41 * http/tests/security/xssAuditor/open-event-handler-iframe.html: 42 * http/tests/security/xssAuditor/post-from-iframe.html: 43 * http/tests/security/xssAuditor/property-escape-comment.html: 44 * http/tests/security/xssAuditor/property-escape-entity.html: 45 * http/tests/security/xssAuditor/property-escape-noquotes-expected.txt: 46 * http/tests/security/xssAuditor/property-escape-noquotes-tab-slash-chars-expected.txt: 47 * http/tests/security/xssAuditor/property-escape-noquotes-tab-slash-chars.html: 48 * http/tests/security/xssAuditor/property-escape-noquotes.html: 49 * http/tests/security/xssAuditor/property-escape-quote.html: 50 * http/tests/security/xssAuditor/property-escape.html: 51 * http/tests/security/xssAuditor/property-inject-expected.txt: 52 * http/tests/security/xssAuditor/property-inject.html: 53 * http/tests/security/xssAuditor/script-tag-addslashes-backslash.html: 54 * http/tests/security/xssAuditor/script-tag-addslashes-double-quote.html: 55 * http/tests/security/xssAuditor/script-tag-addslashes-null-char.html: 56 * http/tests/security/xssAuditor/script-tag-addslashes-single-quote.html: 57 * http/tests/security/xssAuditor/script-tag-control-char.html: 58 * http/tests/security/xssAuditor/script-tag-entities.html: 59 * http/tests/security/xssAuditor/script-tag-null-char.html: 60 * http/tests/security/xssAuditor/script-tag-open-redirect.html: 61 * http/tests/security/xssAuditor/script-tag-post-control-char.html: 62 * http/tests/security/xssAuditor/script-tag-post-null-char.html: 63 * 
http/tests/security/xssAuditor/script-tag-post.html: 64 * http/tests/security/xssAuditor/script-tag-redirect.html: 65 * http/tests/security/xssAuditor/script-tag-with-fancy-unicode.html: 66 * http/tests/security/xssAuditor/script-tag-with-invalid-url-encoding.html: 67 * http/tests/security/xssAuditor/script-tag-with-three-times-url-encoded-16bit-unicode.html: 68 * http/tests/security/xssAuditor/script-tag.html: 69 * http/tests/security/xssAuditor/xss-protection-parsing-01.html: 70 1 71 2011-09-14 Henrik Grunell <grunell@google.com> 2 72 -
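Review bot: the ChangeLog entry does not say why two different replacement payloads are used across the listed tests. Some tests switch to a numeric argument such as alert(0) or alert(1), while others switch to alert(String.fromCharCode(0x58,0x53,0x53)), and the entry only says that leading punctuation was removed. One more sentence stating the rule (for example, which tests still need to produce "ALERT: XSS" in their expected output and which only need any non-punctuation argument) would let the next person editing these tests pick the right form.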
trunk/LayoutTests/http/tests/security/xssAuditor/anchor-url-dom-write-location-inline-event-null-char.html
r45639 r95161 11 11 </head> 12 12 <body> 13 <iframe src='http://localhost:8000/security/xssAuditor/resources/anchor-url-dom-write-location-click.html#%3Ca%20id%3D%22anchorLink%22%20href%3D%22%23%22%20onclick%3D%22al%00ert%28 /XSS/%29%22%3EClick%3C/a%3E'>13 <iframe src='http://localhost:8000/security/xssAuditor/resources/anchor-url-dom-write-location-click.html#%3Ca%20id%3D%22anchorLink%22%20href%3D%22%23%22%20onclick%3D%22al%00ert%280%29%22%3EClick%3C/a%3E'> 14 14 </iframe> 15 15 </body> -
trunk/LayoutTests/http/tests/security/xssAuditor/anchor-url-dom-write-location-inline-event.html
r45314 r95161 11 11 </head> 12 12 <body> 13 <iframe src='http://localhost:8000/security/xssAuditor/resources/anchor-url-dom-write-location-click.html#%3Ca%20id%3D%22anchorLink%22%20href%3D%22%23%22%20onclick%3D%22alert%28 /XSS/%29%22%3EClick%3C/a%3E'>13 <iframe src='http://localhost:8000/security/xssAuditor/resources/anchor-url-dom-write-location-click.html#%3Ca%20id%3D%22anchorLink%22%20href%3D%22%23%22%20onclick%3D%22alert%280%29%22%3EClick%3C/a%3E'> 14 14 </iframe> 15 15 </body> -
trunk/LayoutTests/http/tests/security/xssAuditor/anchor-url-dom-write-location-javascript-URL.html
r45314 r95161 11 11 </head> 12 12 <body> 13 <iframe src='http://localhost:8000/security/xssAuditor/resources/anchor-url-dom-write-location-click.html#%3Ca%20id=%22anchorLink%22%20href=%22javascript:alert( /XSS/)%22%3EClick%3C/a%3E'>13 <iframe src='http://localhost:8000/security/xssAuditor/resources/anchor-url-dom-write-location-click.html#%3Ca%20id=%22anchorLink%22%20href=%22javascript:alert(String.fromCharCode(0x58,0x53,0x53))%22%3EClick%3C/a%3E'> 14 14 </iframe> 15 15 </body> -
trunk/LayoutTests/http/tests/security/xssAuditor/anchor-url-dom-write-location.html
r45314 r95161 10 10 </head> 11 11 <body> 12 <iframe src='http://localhost:8000/security/xssAuditor/resources/echo-dom-write-location.html?#<script>alert( /XSS/)</script>'>12 <iframe src='http://localhost:8000/security/xssAuditor/resources/echo-dom-write-location.html?#<script>alert(String.fromCharCode(0x58,0x53,0x53))</script>'> 13 13 </iframe> 14 14 </body> -
trunk/LayoutTests/http/tests/security/xssAuditor/dom-write-URL.html
r45314 r95161 10 10 </head> 11 11 <body> 12 <iframe src='http://localhost:8000/security/xssAuditor/resources/echo-dom-write-URL.html?q=<script>alert( /XSS/)</script>'>12 <iframe src='http://localhost:8000/security/xssAuditor/resources/echo-dom-write-URL.html?q=<script>alert(String.fromCharCode(0x58,0x53,0x53))</script>'> 13 13 </iframe> 14 14 </body> -
trunk/LayoutTests/http/tests/security/xssAuditor/dom-write-innerHTML-expected.txt
r79554 r95161 1 ALERT: /XSS/1 ALERT: XSS 2 2 -
trunk/LayoutTests/http/tests/security/xssAuditor/dom-write-innerHTML.html
r65987 r95161 16 16 </head> 17 17 <body> 18 <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-dom-write-innerHTML.html?q=<img src='about:blank' onerror='alert( /XSS/)'>">18 <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-dom-write-innerHTML.html?q=<img src='about:blank' onerror='alert(String.fromCharCode(0x58,0x53,0x53))'>"> 19 19 </iframe> 20 20 </body> -
trunk/LayoutTests/http/tests/security/xssAuditor/dom-write-location-inline-event.html
r45314 r95161 11 11 </head> 12 12 <body> 13 <iframe src='http://localhost:8000/security/xssAuditor/resources/anchor-url-dom-write-location-click.html?%3Ca%20id%3D%22anchorLink%22%20href%3D%22%23%22%20onclick%3D%22alert%28 /XSS/%29%22%3EClick%3C/a%3E'>13 <iframe src='http://localhost:8000/security/xssAuditor/resources/anchor-url-dom-write-location-click.html?%3Ca%20id%3D%22anchorLink%22%20href%3D%22%23%22%20onclick%3D%22alert%280%29%22%3EClick%3C/a%3E'> 14 14 </iframe> 15 15 </body> -
trunk/LayoutTests/http/tests/security/xssAuditor/dom-write-location-javascript-URL.html
r45314 r95161 11 11 </head> 12 12 <body> 13 <iframe src='http://localhost:8000/security/xssAuditor/resources/anchor-url-dom-write-location-click.html?%3Ca%20id=%22anchorLink%22%20href=%22javascript:alert( /XSS/)%22%3EClick%3C/a%3E'>13 <iframe src='http://localhost:8000/security/xssAuditor/resources/anchor-url-dom-write-location-click.html?%3Ca%20id=%22anchorLink%22%20href=%22javascript:alert(String.fromCharCode(0x58,0x53,0x53))%22%3EClick%3C/a%3E'> 14 14 </iframe> 15 15 </body> -
trunk/LayoutTests/http/tests/security/xssAuditor/dom-write-location.html
r45314 r95161 10 10 </head> 11 11 <body> 12 <iframe src='http://localhost:8000/security/xssAuditor/resources/echo-dom-write-location.html?q=<script>alert( /XSS/)</script>'>12 <iframe src='http://localhost:8000/security/xssAuditor/resources/echo-dom-write-location.html?q=<script>alert(String.fromCharCode(0x58,0x53,0x53))</script>'> 13 13 </iframe> 14 14 </body> -
trunk/LayoutTests/http/tests/security/xssAuditor/full-block-get-from-iframe.html
r54202 r95161 17 17 window.onload = function() 18 18 { 19 sendRequestFromIFrame("http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl","enable-full-block=1&q=<script>alert( /XSS/)<\/script>","GET", done);19 sendRequestFromIFrame("http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl","enable-full-block=1&q=<script>alert(String.fromCharCode(0x58,0x53,0x53))<\/script>","GET", done); 20 20 }; 21 21 </script> -
trunk/LayoutTests/http/tests/security/xssAuditor/full-block-javascript-link.html
r54202 r95161 14 14 <body> 15 15 <p>There should be no content in the iframe below:</p> 16 <iframe id="frame" onload="checkIfFrameLocationMatchesURLAndCallDone('frame', 'about:blank')" src='http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag-click-and-notify.pl?enable-full-block=1&elmid=anchorLink&q=%3Ca+id%3DanchorLink+href%3Djavascript%3Aalert%28 /XSS/%29%3Etest%3C/a%3E'>16 <iframe id="frame" onload="checkIfFrameLocationMatchesURLAndCallDone('frame', 'about:blank')" src='http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag-click-and-notify.pl?enable-full-block=1&elmid=anchorLink&q=%3Ca+id%3DanchorLink+href%3Djavascript%3Aalert%280%29%3Etest%3C/a%3E'> 17 17 </iframe> 18 18 </body> -
trunk/LayoutTests/http/tests/security/xssAuditor/full-block-link-onclick.html
r54202 r95161 14 14 <body> 15 15 <p>There should be no content in the iframe below:</p> 16 <iframe id="frame" onload="checkIfFrameLocationMatchesURLAndCallDone('frame', 'about:blank')" src="http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?enable-full-block=1&q=<a%20onclick='alert( /XSS/)'>Click</a>">16 <iframe id="frame" onload="checkIfFrameLocationMatchesURLAndCallDone('frame', 'about:blank')" src="http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?enable-full-block=1&q=<a%20onclick='alert(String.fromCharCode(0x58,0x53,0x53))'>Click</a>"> 17 17 </iframe> 18 18 </body> -
trunk/LayoutTests/http/tests/security/xssAuditor/full-block-post-from-iframe.html
r54202 r95161 17 17 window.onload = function() 18 18 { 19 sendRequestFromIFrame("http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl","enable-full-block=1&q=<script>alert( /XSS/)<\/script>","POST", done);19 sendRequestFromIFrame("http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl","enable-full-block=1&q=<script>alert(String.fromCharCode(0x58,0x53,0x53))<\/script>","POST", done); 20 20 }; 21 21 </script> -
trunk/LayoutTests/http/tests/security/xssAuditor/full-block-script-tag.html
r54202 r95161 14 14 <body> 15 15 <p>There should be no content in the iframe below:</p> 16 <iframe id="frame" onload="checkIfFrameLocationMatchesURLAndCallDone('frame', 'about:blank')" src="http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?enable-full-block=1&q=<script>alert( /XSS/)</script>">16 <iframe id="frame" onload="checkIfFrameLocationMatchesURLAndCallDone('frame', 'about:blank')" src="http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?enable-full-block=1&q=<script>alert(String.fromCharCode(0x58,0x53,0x53))</script>"> 17 17 </iframe> 18 18 </body> -
trunk/LayoutTests/http/tests/security/xssAuditor/get-from-iframe.html
r52687 r95161 11 11 window.onload = function() 12 12 { 13 sendRequestFromIFrame("http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl","notifyDone=1&q=<script>alert( /XSS/)<\/script>","GET");13 sendRequestFromIFrame("http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl","notifyDone=1&q=<script>alert(String.fromCharCode(0x58,0x53,0x53))<\/script>","GET"); 14 14 }; 15 15 </script> -
trunk/LayoutTests/http/tests/security/xssAuditor/iframe-javascript-url-twice-url-encode.html
r49434 r95161 10 10 </head> 11 11 <body> 12 <iframe src='http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<iframe src="javascript: %250Aalert( /XSS/)"></iframe>'>12 <iframe src='http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<iframe src="javascript: %250Aalert(String.fromCharCode(0x58,0x53,0x53))"></iframe>'> 13 13 </iframe> 14 14 </body> -
trunk/LayoutTests/http/tests/security/xssAuditor/iframe-javascript-url-twice-url-encode2.html
r49434 r95161 10 10 </head> 11 11 <body> 12 <iframe src='http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<iframe src="javascript: //%250Aalert( /XSS/)"></iframe>'>12 <iframe src='http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<iframe src="javascript: //%250Aalert(String.fromCharCode(0x58,0x53,0x53))"></iframe>'> 13 13 </iframe> 14 14 </body> -
trunk/LayoutTests/http/tests/security/xssAuditor/iframe-javascript-url-twice-url-encode3.html
r49434 r95161 10 10 </head> 11 11 <body> 12 <iframe src='http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<iframe src="javascript://%250Aalert( /XSS/)"></iframe>'>12 <iframe src='http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<iframe src="javascript://%250Aalert(String.fromCharCode(0x58,0x53,0x53))"></iframe>'> 13 13 </iframe> 14 14 </body> -
trunk/LayoutTests/http/tests/security/xssAuditor/img-onerror-tricky.html
r44985 r95161 10 10 </head> 11 11 <body> 12 <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Cimg%20src=1%20'onerror=alert( /XSS/)%3E">12 <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Cimg%20src=1%20'onerror=alert(String.fromCharCode(0x58,0x53,0x53))%3E"> 13 13 </iframe> 14 14 </body> -
trunk/LayoutTests/http/tests/security/xssAuditor/javascript-link-null-char.html
r45749 r95161 11 11 </head> 12 12 <body> 13 <iframe src='http://localhost:8000/security/xssAuditor/resources/echo-intertag-click-and-notify.pl?elmid=anchorLink&q=%3Ca+id%3DanchorLink+href%3Djavascript%3Aal%00ert%28 /XSS/%29%3Etest%3C/a%3E'>13 <iframe src='http://localhost:8000/security/xssAuditor/resources/echo-intertag-click-and-notify.pl?elmid=anchorLink&q=%3Ca+id%3DanchorLink+href%3Djavascript%3Aal%00ert%280%29%3Etest%3C/a%3E'> 14 14 </iframe> 15 15 </body> -
trunk/LayoutTests/http/tests/security/xssAuditor/javascript-link-one-plus-one.html
r78776 r95161 11 11 </head> 12 12 <body> 13 <iframe src='http://localhost:8000/security/xssAuditor/resources/echo-intertag-click-and-notify.pl?elmid=anchorLink&q=%3Ca+id%3DanchorLink+href%3Djavascript%3Aalert%28 /XSS/%29%3Etest%3C/a%3E'>13 <iframe src='http://localhost:8000/security/xssAuditor/resources/echo-intertag-click-and-notify.pl?elmid=anchorLink&q=%3Ca+id%3DanchorLink+href%3Djavascript%3Aalert%280%29%3Etest%3C/a%3E'> 14 14 </iframe> 15 15 </body> -
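Review bot: the changed iframe src here, ending in href%3Djavascript%3Aalert%280%29%3Etest%3C/a%3E, is character-for-character the same as the changed line in javascript-link.html, and the removed lines in the two files were identical as well. Nothing in the visible line reflects the "one-plus-one" in the file name, so as far as this hunk shows the two tests send the same request. Please confirm that the distinguishing part of this test lives elsewhere in the file, or adjust the payload while this line is being edited.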
trunk/LayoutTests/http/tests/security/xssAuditor/javascript-link.html
r45749 r95161 11 11 </head> 12 12 <body> 13 <iframe src='http://localhost:8000/security/xssAuditor/resources/echo-intertag-click-and-notify.pl?elmid=anchorLink&q=%3Ca+id%3DanchorLink+href%3Djavascript%3Aalert%28 /XSS/%29%3Etest%3C/a%3E'>13 <iframe src='http://localhost:8000/security/xssAuditor/resources/echo-intertag-click-and-notify.pl?elmid=anchorLink&q=%3Ca+id%3DanchorLink+href%3Djavascript%3Aalert%280%29%3Etest%3C/a%3E'> 14 14 </iframe> 15 15 </body> -
trunk/LayoutTests/http/tests/security/xssAuditor/link-onclick-ampersand.html
r46086 r95161 10 10 </head> 11 11 <body> 12 <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<a%20onclick='alert( /%26XSS/)'>Click</a>">12 <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<a%20onclick='alert(1%261)'>Click</a>"> 13 13 </iframe> 14 14 </body> -
trunk/LayoutTests/http/tests/security/xssAuditor/link-onclick-control-char.html
r45639 r95161 10 10 </head> 11 11 <body> 12 <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<a%20onclick='al%05ert( /XSS/)'>Click</a>">12 <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<a%20onclick='al%05ert(0)'>Click</a>"> 13 13 </iframe> 14 14 </body> -
trunk/LayoutTests/http/tests/security/xssAuditor/link-onclick-entities.html
r45752 r95161 10 10 </head> 11 11 <body> 12 <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<a%20href='about:blank'%20onclick='alert( /XSS/)//%26amp%3Bcopy%3B'>Click</a>">12 <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<a%20href='about:blank'%20onclick='alert(String.fromCharCode(0x58,0x53,0x53))//%26amp%3Bcopy%3B'>Click</a>"> 13 13 </iframe> 14 14 </body> -
trunk/LayoutTests/http/tests/security/xssAuditor/link-onclick-null-char.html
r45639 r95161 10 10 </head> 11 11 <body> 12 <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<a%20onclick='al%00ert( /XSS/)'>Click</a>">12 <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<a%20onclick='al%00ert(0)'>Click</a>"> 13 13 </iframe> 14 14 </body> -
trunk/LayoutTests/http/tests/security/xssAuditor/link-onclick.html
r44985 r95161 10 10 </head> 11 11 <body> 12 <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<a%20onclick='alert( /XSS/)'>Click</a>">12 <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<a%20onclick='alert(String.fromCharCode(0x58,0x53,0x53))'>Click</a>"> 13 13 </iframe> 14 14 </body> -
trunk/LayoutTests/http/tests/security/xssAuditor/link-opens-new-window.html
r52688 r95161 20 20 </head> 21 21 <body> 22 <a id="anchorLink" href="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?notifyDone=1&q=<script>alert( /XSS/)</script>" target="_blank">Click me</a>22 <a id="anchorLink" href="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?notifyDone=1&q=<script>alert(String.fromCharCode(0x58,0x53,0x53))</script>" target="_blank">Click me</a> 23 23 </body> 24 24 </html> -
trunk/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header.html
r56295 r95161 14 14 <body> 15 15 <p>This tests that the X-XSS-Protection header is not ignored when the length of its value exceeds <a href="https://bugs.webkit.org/show_bug.cgi?id=27312#c13">16 characters.</a></p> 16 <iframe id="frame" onload="checkIfFrameLocationMatchesURLAndCallDone('frame', 'about:blank')" src="http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?notifyDone=1&custom-header=X-XSS-Protection: 12345678901234567&q=<script>alert( /XSS/)</script><p>If you see this message and no JavaScript alert() then the test PASSED.</p>">16 <iframe id="frame" onload="checkIfFrameLocationMatchesURLAndCallDone('frame', 'about:blank')" src="http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?notifyDone=1&custom-header=X-XSS-Protection: 12345678901234567&q=<script>alert(String.fromCharCode(0x58,0x53,0x53))</script><p>If you see this message and no JavaScript alert() then the test PASSED.</p>"> 17 17 </iframe> 18 18 </body> -
trunk/LayoutTests/http/tests/security/xssAuditor/open-attribute-body.html
r78776 r95161 10 10 </head> 11 11 <body> 12 <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-property.pl?q=%22%20onload=alert( /XSS/)//">12 <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-property.pl?q=%22%20onload=alert(String.fromCharCode(0x58,0x53,0x53))//"> 13 13 </iframe> 14 14 </body> -
trunk/LayoutTests/http/tests/security/xssAuditor/open-event-handler-iframe.html
r78776 r95161 10 10 </head> 11 11 <body> 12 <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<iframe%20onload=alert( /XSS/)//">12 <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<iframe%20onload=alert(String.fromCharCode(0x58,0x53,0x53))//"> 13 13 </iframe> 14 14 </body> -
trunk/LayoutTests/http/tests/security/xssAuditor/post-from-iframe.html
r52687 r95161 11 11 window.onload = function() 12 12 { 13 sendRequestFromIFrame("http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl","notifyDone=1&q=<script>alert( /XSS/)<\/script>","POST");13 sendRequestFromIFrame("http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl","notifyDone=1&q=<script>alert(String.fromCharCode(0x58,0x53,0x53))<\/script>","POST"); 14 14 }; 15 15 </script> -
trunk/LayoutTests/http/tests/security/xssAuditor/property-escape-comment.html
r95065 r95161 10 10 </head> 11 11 <body> 12 <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-property.pl?clutter=5xyzblah&q=%22%20onload=%22alert( /XSS1/)//">12 <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-property.pl?clutter=5xyzblah&q=%22%20onload=%22alert(1)//"> 13 13 </iframe> 14 <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-property.pl?q=%22%20onload=%22alert( /XSS2/)/">14 <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-property.pl?q=%22%20onload=%22alert(2)/"> 15 15 </iframe> 16 16 </body> -
trunk/LayoutTests/http/tests/security/xssAuditor/property-escape-entity.html
r95065 r95161 10 10 </head> 11 11 <body> 12 <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-property.pl?clutter=blah&q=%22%20onload=%22alert( /XSS/)%26%23x2f%26%2347">12 <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-property.pl?clutter=blah&q=%22%20onload=%22alert(String.fromCharCode(0x58,0x53,0x53))%26%23x2f%26%2347"> 13 13 </iframe> 14 <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-property.pl?clutter=blah&q=%22%20onload=alert( /XSS/)-%26quot">14 <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-property.pl?clutter=blah&q=%22%20onload=alert(String.fromCharCode(0x58,0x53,0x53))-%26quot"> 15 15 </iframe> 16 <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-property.pl?clutter=blah&q=%22%20onload=%22alert( /XSS/)-%26">16 <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-property.pl?clutter=blah&q=%22%20onload=%22alert(String.fromCharCode(0x58,0x53,0x53))-%26"> 17 17 </iframe> 18 18 </iframe> -
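Review bot: all three changed iframes carry the same argument, alert(String.fromCharCode(0x58,0x53,0x53)), so an "ALERT: XSS" line in the output would not show which of the three entity variants got past the auditor. property-escape-comment.html and property-escape-quote.html in this same changeset use alert(1), alert(2), alert(3) for exactly this purpose, and the same numbering would work here. Separately, the unchanged context at lines 17 and 18 shows two consecutive closing iframe tags, and the second one looks like a stray that could be dropped while the file is open.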
trunk/LayoutTests/http/tests/security/xssAuditor/property-escape-noquotes-expected.txt
r48961 r95161 1 ALERT: /XSS/1 ALERT: XSS 2 2 This test fails because the XSSAuditor allows requests that do not contain illegal URI characters. Thus, the XSSAuditor does not detect breaking out of an unquoted property. A future update may reinstate this functionality. 3 3 -
trunk/LayoutTests/http/tests/security/xssAuditor/property-escape-noquotes-tab-slash-chars-expected.txt
r48961 r95161 1 ALERT: /XSS/1 ALERT: XSS 2 2 This test fails because the XSSAuditor allows requests that do not contain illegal URI characters. Thus, the XSSAuditor does not detect breaking out of an unquoted property. A future update may reinstate this functionality. 3 3 -
trunk/LayoutTests/http/tests/security/xssAuditor/property-escape-noquotes-tab-slash-chars.html
r48961 r95161 13 13 the XSSAuditor does not detect breaking out of an unquoted property. A future update may reinstate this 14 14 functionality.</p> 15 <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-property-noquotes.pl?q=dummy%09/onload=alert( /XSS/)&dummy=dummy">15 <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-property-noquotes.pl?q=dummy%09/onload=alert(String.fromCharCode(0x58,0x53,0x53))&dummy=dummy"> 16 16 </iframe> 17 17 </body> -
trunk/LayoutTests/http/tests/security/xssAuditor/property-escape-noquotes.html
r48961 r95161 13 13 the XSSAuditor does not detect breaking out of an unquoted property. A future update may reinstate this 14 14 functionality.</p> 15 <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-property-noquotes.pl?q=1%20onload=alert( /XSS/)">15 <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-property-noquotes.pl?q=1%20onload=alert(String.fromCharCode(0x58,0x53,0x53))"> 16 16 </iframe> 17 17 </body> -
trunk/LayoutTests/http/tests/security/xssAuditor/property-escape-quote.html
r95065 r95161 10 10 </head> 11 11 <body> 12 <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-property.pl?clutter=5xyzblah&q=%22%20onload=alert( /XSS1/)-%22">12 <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-property.pl?clutter=5xyzblah&q=%22%20onload=alert(1)-%22"> 13 13 </iframe> 14 <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-property.pl?clutter=5xyzblah&q=%22%20onload=alert( /XSS2/)-%27">14 <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-property.pl?clutter=5xyzblah&q=%22%20onload=alert(2)-%27"> 15 15 </iframe> 16 <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-property.pl?clutter=5xyzblah&q=%22%20onload=alert( /XSS3/)-%27%22%27%22">16 <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-property.pl?clutter=5xyzblah&q=%22%20onload=alert(3)-%27%22%27%22"> 17 17 </iframe> 18 18 </body> -
trunk/LayoutTests/http/tests/security/xssAuditor/property-escape.html
r44985 r95161 10 10 </head> 11 11 <body> 12 <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-property.pl?q=%22%20onload=%22alert( /XSS/)">12 <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-property.pl?q=%22%20onload=%22alert(String.fromCharCode(0x58,0x53,0x53))"> 13 13 </iframe> 14 14 </body> -
trunk/LayoutTests/http/tests/security/xssAuditor/property-inject-expected.txt
r48961 r95161 1 ALERT: /XSS/1 ALERT: XSS 2 2 This test fails because the XSSAuditor allows requests that do not contain illegal URI characters. Thus, the XSSAuditor does not detect the injection of an inline event handler within a tag. A future update may reinstate this functionality. 3 3 -
trunk/LayoutTests/http/tests/security/xssAuditor/property-inject.html
r48961 r95161 13 13 the XSSAuditor does not detect the injection of an inline event handler within a tag. A future update may 14 14 reinstate this functionality.</p> 15 <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-inner-tag.pl?q=onload=alert( /XSS/)">15 <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-inner-tag.pl?q=onload=alert(String.fromCharCode(0x58,0x53,0x53))"> 16 16 </iframe> 17 17 </body> -
trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-addslashes-backslash.html
r46250 r95161 10 10 </head> 11 11 <body> 12 <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag-addslashes.pl?q=%3Cscript%3Evar+bogus%3D/%5C/%3Balert%28 /XSS/%29%3B%3C/script%3E">12 <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag-addslashes.pl?q=%3Cscript%3Evar+bogus%3D/%5C/%3Balert%280%29%3B%3C/script%3E"> 13 13 </iframe> 14 14 </body> -
trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-addslashes-double-quote.html
r46250 r95161 10 10 </head> 11 11 <body> 12 <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag-addslashes.pl?q=%3Cscript%3Evar+bogus%3D/%22/%3Balert%28 /XSS/%29%3B%3C/script%3E">12 <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag-addslashes.pl?q=%3Cscript%3Evar+bogus%3D/%22/%3Balert%280%29%3B%3C/script%3E"> 13 13 </iframe> 14 14 </body> -
trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-addslashes-null-char.html
r46250 r95161 10 10 </head> 11 11 <body> 12 <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag-addslashes.pl?q=%3Cscript%3Evar+bogus%3D/%00/%3Balert%28 /XSS/%29%3B%3C/script%3E">12 <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag-addslashes.pl?q=%3Cscript%3Evar+bogus%3D/%00/%3Balert%280%29%3B%3C/script%3E"> 13 13 </iframe> 14 14 </body> -
trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-addslashes-single-quote.html
r46250 r95161 10 10 </head> 11 11 <body> 12 <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag-addslashes.pl?q=%3Cscript%3Evar+bogus%3D/%27/%3Balert%28 /XSS/%29%3B%3C/script%3E">12 <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag-addslashes.pl?q=%3Cscript%3Evar+bogus%3D/%27/%3Balert%280%29%3B%3C/script%3E"> 13 13 </iframe> 14 14 </body> -
trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-control-char.html
r45461 r95161 10 10 </head> 11 11 <body> 12 <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<script>alert( /XSS/)//h%01</script>">12 <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<script>alert(String.fromCharCode(0x58,0x53,0x53))//h%01</script>"> 13 13 </iframe> 14 14 </body> -
trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-entities.html
r45752 r95161 10 10 </head> 11 11 <body> 12 <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<script>alert( /XSS/)//%26amp%3Bcopy%3B</script>">12 <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<script>alert(String.fromCharCode(0x58,0x53,0x53))//%26amp%3Bcopy%3B</script>"> 13 13 </iframe> 14 14 </body> -
trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-null-char.html
r45461 r95161 10 10 </head> 11 11 <body> 12 <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<script>al%00ert( /XSS/)</script>">12 <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<script>al%00ert(0)</script>"> 13 13 </iframe> 14 14 </body> -
trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-open-redirect.html
r44985 r95161 10 10 </head> 11 11 <body> 12 <iframe src="http://localhost:8000/security/xssAuditor/resources/redir.php?url=http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<script>alert( /XSS/)</script>">12 <iframe src="http://localhost:8000/security/xssAuditor/resources/redir.php?url=http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<script>alert(String.fromCharCode(0x58,0x53,0x53))</script>"> 13 13 </iframe> 14 14 </body> -
trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-post-control-char.html
r52688 r95161 15 15 action="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl"> 16 16 <input type="hidden" name="notifyDone" value="1"> 17 <input type="text" name="q" value="<script>alert( /XSS%05/)</script>">17 <input type="text" name="q" value="<script>alert(XSS%05)</script>"> 18 18 </form> 19 19 <script> -
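Review bot: the new value on the q input, <script>alert(XSS%05)</script>, passes a bare identifier XSS, whereas every other hunk in this changeset passes a number or String.fromCharCode(0x58,0x53,0x53). If the auditor ever let this script run, it would fail with a script error instead of producing an ALERT line, so a regression would be reported less directly than in the sibling tests. Suggest a numeric argument that keeps the %05, in the style of the alert(1%1) used in script-tag-with-invalid-url-encoding.html, or a comment in the test saying the undefined name is intentional.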
trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-post-null-char.html
r52688 r95161 15 15 action="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl"> 16 16 <input type="hidden" name="notifyDone" value="1"> 17 <input type="text" name="q" value="<script>al%00ert( /XSS/)</script>">17 <input type="text" name="q" value="<script>al%00ert(0)</script>"> 18 18 </form> 19 19 <script> -
trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-post.html
r52688 r95161 15 15 action="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl"> 16 16 <input type="hidden" name="notifyDone" value="1"> 17 <input type="text" name="q" value="<script>alert( /XSS/)</script>">17 <input type="text" name="q" value="<script>alert(String.fromCharCode(0x58,0x53,0x53))</script>"> 18 18 </form> 19 19 <script> -
trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-redirect.html
r44985 r95161 10 10 </head> 11 11 <body> 12 <iframe src="resources/redir.php?url=http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<script>alert( /XSS/)</script>">12 <iframe src="resources/redir.php?url=http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<script>alert(String.fromCharCode(0x58,0x53,0x53))</script>"> 13 13 </iframe> 14 14 </body> -
trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-fancy-unicode.html
r78776 r95161 10 10 </head> 11 11 <body> 12 <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<script>%u0061lert( /XSS/)</script>">12 <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<script>%u0061lert(0)</script>"> 13 13 </iframe> 14 14 </body> -
trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-invalid-url-encoding.html
r78776 r95161 10 10 </head> 11 11 <body> 12 <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<script>alert( /XSS%/)</script>">12 <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<script>alert(1%1)</script>"> 13 13 </iframe> 14 14 </body> -
trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-three-times-url-encoded-16bit-unicode.html
r94828 r95161 10 10 </head> 11 11 <body> 12 <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<script>%252525u0061lert( /XSS/)</script>">12 <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<script>%252525u0061lert(0)</script>"> 13 13 </iframe> 14 14 </body> -
trunk/LayoutTests/http/tests/security/xssAuditor/script-tag.html
r44985 r95161 10 10 </head> 11 11 <body> 12 <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<script>alert( /XSS/)</script>">12 <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<script>alert(String.fromCharCode(0x58,0x53,0x53))</script>"> 13 13 </iframe> 14 14 </body> -
trunk/LayoutTests/http/tests/security/xssAuditor/xss-protection-parsing-01.html
r56979 r95161 17 17 window.onload = function() 18 18 { 19 sendRequestFromIFrame("http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl","crazy-header=1&q=<script>alert( /XSS/)<\/script>","POST", done);19 sendRequestFromIFrame("http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl","crazy-header=1&q=<script>alert(String.fromCharCode(0x58,0x53,0x53))<\/script>","POST", done); 20 20 }; 21 21 </script>