<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[176413] trunk/LayoutTests</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/176413">176413</a></dd>
<dt>Author</dt> <dd>ap@apple.com</dd>
<dt>Date</dt> <dd>2014-11-20 14:10:37 -0800 (Thu, 20 Nov 2014)</dd>
</dl>
<h3>Log Message</h3>
<pre>http tests should not use shared temporary files, part 2
https://bugs.webkit.org/show_bug.cgi?id=138894
Rubber-stamped by Tim Horton.
Made more scripts that access local files use per-test files. Some tests could use
HTTP referrer, others needed explicit parameters.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-allow.html:
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-block.html:
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-empty.html:
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-filter.html:
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-invalid.html:
* http/tests/security/contentSecurityPolicy/report-uri-from-child-frame-expected.txt:
* http/tests/security/contentSecurityPolicy/report-uri-from-child-frame.html:
* http/tests/security/contentSecurityPolicy/resources/echo-report.php:
* http/tests/security/contentSecurityPolicy/resources/generate-csp-report.html: Removed.
* http/tests/security/contentSecurityPolicy/resources/generate-csp-report.php: Copied from LayoutTests/http/tests/security/contentSecurityPolicy/resources/generate-csp-report.html.
* http/tests/security/contentSecurityPolicy/resources/go-to-echo-report.php: Added.
* http/tests/security/contentSecurityPolicy/resources/reflected-xss-and-xss-protection.js:
(testMixedHeader):
* http/tests/security/contentSecurityPolicy/resources/report-file-path.php: Added.
* http/tests/security/contentSecurityPolicy/resources/save-report.php:
* http/tests/security/contentSecurityPolicy/xmlhttprequest-protected-resource-does-not-crash.html:
* http/tests/security/xssAuditor/block-does-not-leak-location-expected.txt:
* http/tests/security/xssAuditor/block-does-not-leak-location.html:
* http/tests/security/xssAuditor/block-does-not-leak-referrer.html:
* http/tests/security/xssAuditor/cookie-injection-expected.txt:
* http/tests/security/xssAuditor/cookie-injection.html:
* http/tests/security/xssAuditor/embed-tag-code-attribute-2-expected.txt:
* http/tests/security/xssAuditor/embed-tag-code-attribute-2.html:
* http/tests/security/xssAuditor/embed-tag-code-attribute-expected.txt:
* http/tests/security/xssAuditor/embed-tag-code-attribute.html:
* http/tests/security/xssAuditor/embed-tag-control-char-expected.txt:
* http/tests/security/xssAuditor/embed-tag-control-char.html:
* http/tests/security/xssAuditor/embed-tag-expected.txt:
* http/tests/security/xssAuditor/embed-tag-javascript-url-expected.txt:
* http/tests/security/xssAuditor/embed-tag-javascript-url.html:
* http/tests/security/xssAuditor/embed-tag-null-char-expected.txt:
* http/tests/security/xssAuditor/embed-tag-null-char.html:
* http/tests/security/xssAuditor/embed-tag.html:
* http/tests/security/xssAuditor/faux-script1.html:
* http/tests/security/xssAuditor/faux-script2.html:
* http/tests/security/xssAuditor/faux-script3.html:
* http/tests/security/xssAuditor/form-action-expected.txt:
* http/tests/security/xssAuditor/form-action.html:
* http/tests/security/xssAuditor/formaction-on-button-expected.txt:
* http/tests/security/xssAuditor/formaction-on-button.html:
* http/tests/security/xssAuditor/formaction-on-input-expected.txt:
* http/tests/security/xssAuditor/formaction-on-input.html:
* http/tests/security/xssAuditor/frameset-injection-expected.txt:
* http/tests/security/xssAuditor/frameset-injection.html:
* http/tests/security/xssAuditor/full-block-get-from-iframe-expected.txt:
* http/tests/security/xssAuditor/full-block-get-from-iframe.html:
* http/tests/security/xssAuditor/full-block-iframe-javascript-url-expected.txt:
* http/tests/security/xssAuditor/full-block-iframe-javascript-url.html:
* http/tests/security/xssAuditor/full-block-iframe-no-inherit-expected.txt:
* http/tests/security/xssAuditor/full-block-iframe-no-inherit.php:
* http/tests/security/xssAuditor/full-block-link-onclick-expected.txt:
* http/tests/security/xssAuditor/full-block-link-onclick.html:
* http/tests/security/xssAuditor/full-block-object-tag-expected.txt:
* http/tests/security/xssAuditor/full-block-object-tag.html:
* http/tests/security/xssAuditor/full-block-post-from-iframe.html:
* http/tests/security/xssAuditor/full-block-script-tag-cross-domain-expected.txt:
* http/tests/security/xssAuditor/full-block-script-tag-cross-domain.html:
* http/tests/security/xssAuditor/full-block-script-tag-expected.txt:
* http/tests/security/xssAuditor/full-block-script-tag-with-source-expected.txt:
* http/tests/security/xssAuditor/full-block-script-tag-with-source.html:
* http/tests/security/xssAuditor/full-block-script-tag.html:
* http/tests/security/xssAuditor/get-from-iframe-expected.txt:
* http/tests/security/xssAuditor/get-from-iframe.html:
* http/tests/security/xssAuditor/iframe-injection-allowed-2.html:
* http/tests/security/xssAuditor/iframe-injection-allowed-3.html:
* http/tests/security/xssAuditor/iframe-injection-allowed.html:
* http/tests/security/xssAuditor/iframe-injection-expected.txt:
* http/tests/security/xssAuditor/iframe-injection.html:
* http/tests/security/xssAuditor/iframe-javascript-url-expected.txt:
* http/tests/security/xssAuditor/iframe-javascript-url-more-encoding-expected.txt:
* http/tests/security/xssAuditor/iframe-javascript-url-more-encoding.html:
* http/tests/security/xssAuditor/iframe-javascript-url-twice-url-encode-expected.txt:
* http/tests/security/xssAuditor/iframe-javascript-url-twice-url-encode.html:
* http/tests/security/xssAuditor/iframe-javascript-url-twice-url-encode2-expected.txt:
* http/tests/security/xssAuditor/iframe-javascript-url-twice-url-encode2.html:
* http/tests/security/xssAuditor/iframe-javascript-url-twice-url-encode3-expected.txt:
* http/tests/security/xssAuditor/iframe-javascript-url-twice-url-encode3.html:
* http/tests/security/xssAuditor/iframe-javascript-url-url-encoded-expected.txt:
* http/tests/security/xssAuditor/iframe-javascript-url-url-encoded.html:
* http/tests/security/xssAuditor/iframe-javascript-url.html:
* http/tests/security/xssAuditor/iframe-onload-GBK-char-expected.txt:
* http/tests/security/xssAuditor/iframe-onload-GBK-char.html:
* http/tests/security/xssAuditor/iframe-onload-in-svg-tag-expected.txt:
* http/tests/security/xssAuditor/iframe-onload-in-svg-tag.html:
* http/tests/security/xssAuditor/iframe-srcdoc-expected.txt:
* http/tests/security/xssAuditor/iframe-srcdoc.html:
* http/tests/security/xssAuditor/img-onerror-GBK-char-expected.txt:
* http/tests/security/xssAuditor/img-onerror-GBK-char.html:
* http/tests/security/xssAuditor/img-onerror-accented-char-expected.txt:
* http/tests/security/xssAuditor/img-onerror-accented-char.html:
* http/tests/security/xssAuditor/img-onerror-non-ASCII-char-expected.txt:
* http/tests/security/xssAuditor/img-onerror-non-ASCII-char.html:
* http/tests/security/xssAuditor/img-onerror-non-ASCII-char2-expected.txt:
* http/tests/security/xssAuditor/img-onerror-non-ASCII-char2.html:
* http/tests/security/xssAuditor/img-onerror-tricky.html:
* http/tests/security/xssAuditor/img-tag-with-comma-expected.txt:
* http/tests/security/xssAuditor/img-tag-with-comma.html:
* http/tests/security/xssAuditor/inline-event-HTML-entities-expected.txt:
* http/tests/security/xssAuditor/inline-event-HTML-entities.html:
* http/tests/security/xssAuditor/link-onclick-ampersand-expected.txt:
* http/tests/security/xssAuditor/link-onclick-ampersand.html:
* http/tests/security/xssAuditor/link-onclick-control-char-expected.txt:
* http/tests/security/xssAuditor/link-onclick-control-char.html:
* http/tests/security/xssAuditor/link-onclick-entities-expected.txt:
* http/tests/security/xssAuditor/link-onclick-entities.html:
* http/tests/security/xssAuditor/link-onclick-expected.txt:
* http/tests/security/xssAuditor/link-onclick-null-char-expected.txt:
* http/tests/security/xssAuditor/link-onclick-null-char.html:
* http/tests/security/xssAuditor/link-onclick.html:
* http/tests/security/xssAuditor/link-opens-new-window-expected.txt:
* http/tests/security/xssAuditor/link-opens-new-window.html:
* http/tests/security/xssAuditor/malformed-HTML-expected.txt:
* http/tests/security/xssAuditor/malformed-HTML.html:
* http/tests/security/xssAuditor/malformed-xss-protection-header-1-expected.txt:
* http/tests/security/xssAuditor/malformed-xss-protection-header-1.html:
* http/tests/security/xssAuditor/malformed-xss-protection-header-2-expected.txt:
* http/tests/security/xssAuditor/malformed-xss-protection-header-2.html:
* http/tests/security/xssAuditor/malformed-xss-protection-header-3-expected.txt:
* http/tests/security/xssAuditor/malformed-xss-protection-header-3.html:
* http/tests/security/xssAuditor/malformed-xss-protection-header-4-expected.txt:
* http/tests/security/xssAuditor/malformed-xss-protection-header-4.html:
* http/tests/security/xssAuditor/malformed-xss-protection-header-5-expected.txt:
* http/tests/security/xssAuditor/malformed-xss-protection-header-5.html:
* http/tests/security/xssAuditor/malformed-xss-protection-header-6-expected.txt:
* http/tests/security/xssAuditor/malformed-xss-protection-header-6.html:
* http/tests/security/xssAuditor/malformed-xss-protection-header-7-expected.txt:
* http/tests/security/xssAuditor/malformed-xss-protection-header-7.html:
* http/tests/security/xssAuditor/malformed-xss-protection-header-8-expected.txt:
* http/tests/security/xssAuditor/malformed-xss-protection-header-8.html:
* http/tests/security/xssAuditor/malformed-xss-protection-header-9-expected.txt:
* http/tests/security/xssAuditor/malformed-xss-protection-header-9.html:
* http/tests/security/xssAuditor/no-protection-script-tag.html:
* http/tests/security/xssAuditor/object-embed-tag-control-char-expected.txt:
* http/tests/security/xssAuditor/object-embed-tag-control-char.html:
* http/tests/security/xssAuditor/object-embed-tag-expected.txt:
* http/tests/security/xssAuditor/object-embed-tag-null-char-expected.txt:
* http/tests/security/xssAuditor/object-embed-tag-null-char.html:
* http/tests/security/xssAuditor/object-embed-tag.html:
* http/tests/security/xssAuditor/object-tag-expected.txt:
* http/tests/security/xssAuditor/object-tag-javascript-url-expected.txt:
* http/tests/security/xssAuditor/object-tag-javascript-url.html:
* http/tests/security/xssAuditor/object-tag.html:
* http/tests/security/xssAuditor/open-event-handler-iframe-expected.txt:
* http/tests/security/xssAuditor/open-event-handler-iframe.html:
* http/tests/security/xssAuditor/open-iframe-src-03-expected.txt:
* http/tests/security/xssAuditor/open-iframe-src-03.html:
* http/tests/security/xssAuditor/post-from-iframe.html:
* http/tests/security/xssAuditor/report-script-tag-expected.txt:
* http/tests/security/xssAuditor/report-script-tag-full-block-expected.txt:
* http/tests/security/xssAuditor/report-script-tag-full-block.html:
* http/tests/security/xssAuditor/report-script-tag-replace-state-expected.txt:
* http/tests/security/xssAuditor/report-script-tag-replace-state.html:
* http/tests/security/xssAuditor/report-script-tag.html:
* http/tests/security/xssAuditor/resources/echo-intertag.pl:
* http/tests/security/xssAuditor/script-tag-Big5-char-expected.txt:
* http/tests/security/xssAuditor/script-tag-Big5-char-twice-url-encode-expected.txt:
* http/tests/security/xssAuditor/script-tag-Big5-char-twice-url-encode.html:
* http/tests/security/xssAuditor/script-tag-Big5-char.html:
* http/tests/security/xssAuditor/script-tag-Big5-char2-expected.txt:
* http/tests/security/xssAuditor/script-tag-Big5-char2.html:
* http/tests/security/xssAuditor/script-tag-control-char-expected.txt:
* http/tests/security/xssAuditor/script-tag-control-char.html:
* http/tests/security/xssAuditor/script-tag-convoluted-expected.txt:
* http/tests/security/xssAuditor/script-tag-convoluted.html:
* http/tests/security/xssAuditor/script-tag-entities-expected.txt:
* http/tests/security/xssAuditor/script-tag-entities.html:
* http/tests/security/xssAuditor/script-tag-expected.txt:
* http/tests/security/xssAuditor/script-tag-expression-follows-expected.txt:
* http/tests/security/xssAuditor/script-tag-expression-follows.html:
* http/tests/security/xssAuditor/script-tag-inside-svg-tag-expected.txt:
* http/tests/security/xssAuditor/script-tag-inside-svg-tag.html:
* http/tests/security/xssAuditor/script-tag-inside-svg-tag2-expected.txt:
* http/tests/security/xssAuditor/script-tag-inside-svg-tag2.html:
* http/tests/security/xssAuditor/script-tag-inside-svg-tag3-expected.txt:
* http/tests/security/xssAuditor/script-tag-inside-svg-tag3.html:
* http/tests/security/xssAuditor/script-tag-near-start-expected.txt:
* http/tests/security/xssAuditor/script-tag-near-start.html:
* http/tests/security/xssAuditor/script-tag-null-char-expected.txt:
* http/tests/security/xssAuditor/script-tag-null-char.html:
* http/tests/security/xssAuditor/script-tag-open-redirect-expected.txt:
* http/tests/security/xssAuditor/script-tag-open-redirect.html:
* http/tests/security/xssAuditor/script-tag-post-control-char-expected.txt:
* http/tests/security/xssAuditor/script-tag-post-control-char.html:
* http/tests/security/xssAuditor/script-tag-post-expected.txt:
* http/tests/security/xssAuditor/script-tag-post-null-char-expected.txt:
* http/tests/security/xssAuditor/script-tag-post-null-char.html:
* http/tests/security/xssAuditor/script-tag-post.html:
* http/tests/security/xssAuditor/script-tag-redirect-expected.txt:
* http/tests/security/xssAuditor/script-tag-redirect.html:
* http/tests/security/xssAuditor/script-tag-with-16bit-unicode-surrogate-pair-expected.txt:
* http/tests/security/xssAuditor/script-tag-with-16bit-unicode-surrogate-pair.html:
* http/tests/security/xssAuditor/script-tag-with-16bit-unicode5-expected.txt:
* http/tests/security/xssAuditor/script-tag-with-16bit-unicode5.html:
* http/tests/security/xssAuditor/script-tag-with-actual-comma-expected.txt:
* http/tests/security/xssAuditor/script-tag-with-actual-comma.html:
* http/tests/security/xssAuditor/script-tag-with-callbacks-expected.txt:
* http/tests/security/xssAuditor/script-tag-with-callbacks.html:
* http/tests/security/xssAuditor/script-tag-with-comma-01-expected.txt:
* http/tests/security/xssAuditor/script-tag-with-comma-01.html:
* http/tests/security/xssAuditor/script-tag-with-comma-02-expected.txt:
* http/tests/security/xssAuditor/script-tag-with-comma-02.html:
* http/tests/security/xssAuditor/script-tag-with-fancy-unicode-expected.txt:
* http/tests/security/xssAuditor/script-tag-with-fancy-unicode.html:
* http/tests/security/xssAuditor/script-tag-with-invalid-closing-tag-expected.txt:
* http/tests/security/xssAuditor/script-tag-with-invalid-closing-tag.html:
* http/tests/security/xssAuditor/script-tag-with-invalid-url-encoding-expected.txt:
* http/tests/security/xssAuditor/script-tag-with-invalid-url-encoding.html:
* http/tests/security/xssAuditor/script-tag-with-source-control-char-expected.txt:
* http/tests/security/xssAuditor/script-tag-with-source-control-char.html:
* http/tests/security/xssAuditor/script-tag-with-source-data-url-expected.txt:
* http/tests/security/xssAuditor/script-tag-with-source-data-url.html:
* http/tests/security/xssAuditor/script-tag-with-source-data-url2-expected.txt:
* http/tests/security/xssAuditor/script-tag-with-source-data-url2.html:
* http/tests/security/xssAuditor/script-tag-with-source-data-url3-expected.txt:
* http/tests/security/xssAuditor/script-tag-with-source-data-url3.html:
* http/tests/security/xssAuditor/script-tag-with-source-double-quote-expected.txt:
* http/tests/security/xssAuditor/script-tag-with-source-double-quote.html:
* http/tests/security/xssAuditor/script-tag-with-source-entities-expected.txt:
* http/tests/security/xssAuditor/script-tag-with-source-entities.html:
* http/tests/security/xssAuditor/script-tag-with-source-expected.txt:
* http/tests/security/xssAuditor/script-tag-with-source-no-quote-expected.txt:
* http/tests/security/xssAuditor/script-tag-with-source-no-quote.html:
* http/tests/security/xssAuditor/script-tag-with-source-null-char-expected.txt:
* http/tests/security/xssAuditor/script-tag-with-source-null-char.html:
* http/tests/security/xssAuditor/script-tag-with-source-relative-scheme-expected.txt:
* http/tests/security/xssAuditor/script-tag-with-source-relative-scheme.html:
* http/tests/security/xssAuditor/script-tag-with-source-same-host-with-query-expected.txt:
* http/tests/security/xssAuditor/script-tag-with-source-same-host-with-query.html:
* http/tests/security/xssAuditor/script-tag-with-source-same-host.html:
* http/tests/security/xssAuditor/script-tag-with-source-unterminated-01-expected.txt:
* http/tests/security/xssAuditor/script-tag-with-source-unterminated-01.html:
* http/tests/security/xssAuditor/script-tag-with-source-unterminated-02-expected.txt:
* http/tests/security/xssAuditor/script-tag-with-source-unterminated-02.html:
* http/tests/security/xssAuditor/script-tag-with-source-unterminated-03-expected.txt:
* http/tests/security/xssAuditor/script-tag-with-source-unterminated-03.html:
* http/tests/security/xssAuditor/script-tag-with-source.html:
* http/tests/security/xssAuditor/script-tag-with-three-times-url-encoded-16bit-unicode-expected.txt:
* http/tests/security/xssAuditor/script-tag-with-three-times-url-encoded-16bit-unicode.html:
* http/tests/security/xssAuditor/script-tag-with-trailing-comment-U2028-expected.txt:
* http/tests/security/xssAuditor/script-tag-with-trailing-comment-U2028.html:
* http/tests/security/xssAuditor/script-tag-with-trailing-comment-expected.txt:
* http/tests/security/xssAuditor/script-tag-with-trailing-comment.html:
* http/tests/security/xssAuditor/script-tag-with-trailing-comment2-expected.txt:
* http/tests/security/xssAuditor/script-tag-with-trailing-comment2.html:
* http/tests/security/xssAuditor/script-tag-with-trailing-comment3-expected.txt:
* http/tests/security/xssAuditor/script-tag-with-trailing-comment3.html:
* http/tests/security/xssAuditor/script-tag-with-trailing-comment4-expected.txt:
* http/tests/security/xssAuditor/script-tag-with-trailing-comment4.html:
* http/tests/security/xssAuditor/script-tag-with-trailing-comment5-expected.txt:
* http/tests/security/xssAuditor/script-tag-with-trailing-comment5.html:
* http/tests/security/xssAuditor/script-tag.html:
* http/tests/security/xssAuditor/svg-animate-expected.txt:
* http/tests/security/xssAuditor/svg-animate.html:
* http/tests/security/xssAuditor/svg-script-tag-expected.txt:
* http/tests/security/xssAuditor/svg-script-tag.html:
* http/tests/security/xssAuditor/xss-filter-bypass-big5-expected.txt:
* http/tests/security/xssAuditor/xss-filter-bypass-big5.html:
* http/tests/security/xssAuditor/xss-filter-bypass-sjis-expected.txt:
* http/tests/security/xssAuditor/xss-filter-bypass-sjis.html:
* http/tests/security/xssAuditor/xss-protection-parsing-01.html:
* http/tests/security/xssAuditor/xss-protection-parsing-02-expected.txt:
* http/tests/security/xssAuditor/xss-protection-parsing-02.html:
* http/tests/security/xssAuditor/xss-protection-parsing-03-expected.txt:
* http/tests/security/xssAuditor/xss-protection-parsing-03.html:
* http/tests/security/xssAuditor/xss-protection-parsing-04-expected.txt:
* http/tests/security/xssAuditor/xss-protection-parsing-04.html:</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkLayoutTestsChangeLog">trunk/LayoutTests/ChangeLog</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicy11reflectedxssallowhtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-allow.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicy11reflectedxssblockhtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-block.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicy11reflectedxssemptyhtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-empty.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicy11reflectedxssfilterhtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-filter.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicy11reflectedxssinvalidhtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-invalid.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyreporturifromchildframeexpectedtxt">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-from-child-frame-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyreporturifromchildframehtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-from-child-frame.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyresourcesechoreportphp">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/echo-report.php</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyresourcesreflectedxssandxssprotectionjs">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/reflected-xss-and-xss-protection.js</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyresourcessavereportphp">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/save-report.php</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyxmlhttprequestprotectedresourcedoesnotcrashhtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/xmlhttprequest-protected-resource-does-not-crash.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorblockdoesnotleaklocationexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/block-does-not-leak-location-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorblockdoesnotleaklocationhtml">trunk/LayoutTests/http/tests/security/xssAuditor/block-does-not-leak-location.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorblockdoesnotleakreferrerhtml">trunk/LayoutTests/http/tests/security/xssAuditor/block-does-not-leak-referrer.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorcookieinjectionexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/cookie-injection-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorcookieinjectionhtml">trunk/LayoutTests/http/tests/security/xssAuditor/cookie-injection.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorembedtagcodeattribute2expectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/embed-tag-code-attribute-2-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorembedtagcodeattribute2html">trunk/LayoutTests/http/tests/security/xssAuditor/embed-tag-code-attribute-2.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorembedtagcodeattributeexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/embed-tag-code-attribute-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorembedtagcodeattributehtml">trunk/LayoutTests/http/tests/security/xssAuditor/embed-tag-code-attribute.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorembedtagcontrolcharexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/embed-tag-control-char-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorembedtagcontrolcharhtml">trunk/LayoutTests/http/tests/security/xssAuditor/embed-tag-control-char.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorembedtagexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/embed-tag-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorembedtagjavascripturlexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/embed-tag-javascript-url-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorembedtagjavascripturlhtml">trunk/LayoutTests/http/tests/security/xssAuditor/embed-tag-javascript-url.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorembedtagnullcharexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/embed-tag-null-char-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorembedtagnullcharhtml">trunk/LayoutTests/http/tests/security/xssAuditor/embed-tag-null-char.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorembedtaghtml">trunk/LayoutTests/http/tests/security/xssAuditor/embed-tag.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorfauxscript1html">trunk/LayoutTests/http/tests/security/xssAuditor/faux-script1.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorfauxscript2html">trunk/LayoutTests/http/tests/security/xssAuditor/faux-script2.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorfauxscript3html">trunk/LayoutTests/http/tests/security/xssAuditor/faux-script3.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorformactionexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/form-action-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorformactionhtml">trunk/LayoutTests/http/tests/security/xssAuditor/form-action.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorformactiononbuttonexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/formaction-on-button-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorformactiononbuttonhtml">trunk/LayoutTests/http/tests/security/xssAuditor/formaction-on-button.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorformactiononinputexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/formaction-on-input-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorformactiononinputhtml">trunk/LayoutTests/http/tests/security/xssAuditor/formaction-on-input.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorframesetinjectionexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/frameset-injection-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorframesetinjectionhtml">trunk/LayoutTests/http/tests/security/xssAuditor/frameset-injection.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorfullblockgetfromiframeexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/full-block-get-from-iframe-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorfullblockgetfromiframehtml">trunk/LayoutTests/http/tests/security/xssAuditor/full-block-get-from-iframe.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorfullblockiframejavascripturlexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/full-block-iframe-javascript-url-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorfullblockiframejavascripturlhtml">trunk/LayoutTests/http/tests/security/xssAuditor/full-block-iframe-javascript-url.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorfullblockiframenoinheritexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/full-block-iframe-no-inherit-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorfullblockiframenoinheritphp">trunk/LayoutTests/http/tests/security/xssAuditor/full-block-iframe-no-inherit.php</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorfullblocklinkonclickexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/full-block-link-onclick-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorfullblocklinkonclickhtml">trunk/LayoutTests/http/tests/security/xssAuditor/full-block-link-onclick.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorfullblockobjecttagexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/full-block-object-tag-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorfullblockobjecttaghtml">trunk/LayoutTests/http/tests/security/xssAuditor/full-block-object-tag.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorfullblockpostfromiframehtml">trunk/LayoutTests/http/tests/security/xssAuditor/full-block-post-from-iframe.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorfullblockscripttagcrossdomainexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/full-block-script-tag-cross-domain-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorfullblockscripttagcrossdomainhtml">trunk/LayoutTests/http/tests/security/xssAuditor/full-block-script-tag-cross-domain.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorfullblockscripttagexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/full-block-script-tag-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorfullblockscripttagwithsourceexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/full-block-script-tag-with-source-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorfullblockscripttagwithsourcehtml">trunk/LayoutTests/http/tests/security/xssAuditor/full-block-script-tag-with-source.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorfullblockscripttaghtml">trunk/LayoutTests/http/tests/security/xssAuditor/full-block-script-tag.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorgetfromiframeexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/get-from-iframe-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorgetfromiframehtml">trunk/LayoutTests/http/tests/security/xssAuditor/get-from-iframe.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditoriframeinjectionallowed2html">trunk/LayoutTests/http/tests/security/xssAuditor/iframe-injection-allowed-2.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditoriframeinjectionallowed3html">trunk/LayoutTests/http/tests/security/xssAuditor/iframe-injection-allowed-3.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditoriframeinjectionallowedhtml">trunk/LayoutTests/http/tests/security/xssAuditor/iframe-injection-allowed.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditoriframeinjectionexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/iframe-injection-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditoriframeinjectionhtml">trunk/LayoutTests/http/tests/security/xssAuditor/iframe-injection.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditoriframejavascripturlexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/iframe-javascript-url-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditoriframejavascripturlmoreencodingexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/iframe-javascript-url-more-encoding-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditoriframejavascripturlmoreencodinghtml">trunk/LayoutTests/http/tests/security/xssAuditor/iframe-javascript-url-more-encoding.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditoriframejavascripturltwiceurlencodeexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/iframe-javascript-url-twice-url-encode-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditoriframejavascripturltwiceurlencodehtml">trunk/LayoutTests/http/tests/security/xssAuditor/iframe-javascript-url-twice-url-encode.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditoriframejavascripturltwiceurlencode2expectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/iframe-javascript-url-twice-url-encode2-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditoriframejavascripturltwiceurlencode2html">trunk/LayoutTests/http/tests/security/xssAuditor/iframe-javascript-url-twice-url-encode2.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditoriframejavascripturltwiceurlencode3expectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/iframe-javascript-url-twice-url-encode3-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditoriframejavascripturltwiceurlencode3html">trunk/LayoutTests/http/tests/security/xssAuditor/iframe-javascript-url-twice-url-encode3.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditoriframejavascripturlurlencodedexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/iframe-javascript-url-url-encoded-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditoriframejavascripturlurlencodedhtml">trunk/LayoutTests/http/tests/security/xssAuditor/iframe-javascript-url-url-encoded.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditoriframejavascripturlhtml">trunk/LayoutTests/http/tests/security/xssAuditor/iframe-javascript-url.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditoriframeonloadGBKcharexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/iframe-onload-GBK-char-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditoriframeonloadGBKcharhtml">trunk/LayoutTests/http/tests/security/xssAuditor/iframe-onload-GBK-char.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditoriframeonloadinsvgtagexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/iframe-onload-in-svg-tag-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditoriframeonloadinsvgtaghtml">trunk/LayoutTests/http/tests/security/xssAuditor/iframe-onload-in-svg-tag.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditoriframesrcdocexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/iframe-srcdoc-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditoriframesrcdochtml">trunk/LayoutTests/http/tests/security/xssAuditor/iframe-srcdoc.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorimgonerrorGBKcharexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/img-onerror-GBK-char-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorimgonerrorGBKcharhtml">trunk/LayoutTests/http/tests/security/xssAuditor/img-onerror-GBK-char.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorimgonerroraccentedcharexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/img-onerror-accented-char-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorimgonerroraccentedcharhtml">trunk/LayoutTests/http/tests/security/xssAuditor/img-onerror-accented-char.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorimgonerrornonASCIIcharexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/img-onerror-non-ASCII-char-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorimgonerrornonASCIIcharhtml">trunk/LayoutTests/http/tests/security/xssAuditor/img-onerror-non-ASCII-char.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorimgonerrornonASCIIchar2expectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/img-onerror-non-ASCII-char2-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorimgonerrornonASCIIchar2html">trunk/LayoutTests/http/tests/security/xssAuditor/img-onerror-non-ASCII-char2.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorimgonerrortrickyhtml">trunk/LayoutTests/http/tests/security/xssAuditor/img-onerror-tricky.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorimgtagwithcommaexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/img-tag-with-comma-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorimgtagwithcommahtml">trunk/LayoutTests/http/tests/security/xssAuditor/img-tag-with-comma.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorinlineeventHTMLentitiesexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/inline-event-HTML-entities-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorinlineeventHTMLentitieshtml">trunk/LayoutTests/http/tests/security/xssAuditor/inline-event-HTML-entities.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorlinkonclickampersandexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/link-onclick-ampersand-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorlinkonclickampersandhtml">trunk/LayoutTests/http/tests/security/xssAuditor/link-onclick-ampersand.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorlinkonclickcontrolcharexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/link-onclick-control-char-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorlinkonclickcontrolcharhtml">trunk/LayoutTests/http/tests/security/xssAuditor/link-onclick-control-char.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorlinkonclickentitiesexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/link-onclick-entities-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorlinkonclickentitieshtml">trunk/LayoutTests/http/tests/security/xssAuditor/link-onclick-entities.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorlinkonclickexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/link-onclick-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorlinkonclicknullcharexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/link-onclick-null-char-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorlinkonclicknullcharhtml">trunk/LayoutTests/http/tests/security/xssAuditor/link-onclick-null-char.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorlinkonclickhtml">trunk/LayoutTests/http/tests/security/xssAuditor/link-onclick.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorlinkopensnewwindowexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/link-opens-new-window-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorlinkopensnewwindowhtml">trunk/LayoutTests/http/tests/security/xssAuditor/link-opens-new-window.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditormalformedHTMLexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/malformed-HTML-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditormalformedHTMLhtml">trunk/LayoutTests/http/tests/security/xssAuditor/malformed-HTML.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditormalformedxssprotectionheader1expectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-1-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditormalformedxssprotectionheader1html">trunk/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-1.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditormalformedxssprotectionheader2expectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-2-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditormalformedxssprotectionheader2html">trunk/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-2.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditormalformedxssprotectionheader3expectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-3-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditormalformedxssprotectionheader3html">trunk/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-3.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditormalformedxssprotectionheader4expectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-4-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditormalformedxssprotectionheader4html">trunk/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-4.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditormalformedxssprotectionheader5expectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-5-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditormalformedxssprotectionheader5html">trunk/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-5.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditormalformedxssprotectionheader6expectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-6-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditormalformedxssprotectionheader6html">trunk/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-6.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditormalformedxssprotectionheader7expectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-7-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditormalformedxssprotectionheader7html">trunk/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-7.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditormalformedxssprotectionheader8expectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-8-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditormalformedxssprotectionheader8html">trunk/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-8.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditormalformedxssprotectionheader9expectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-9-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditormalformedxssprotectionheader9html">trunk/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-9.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditornoprotectionscripttaghtml">trunk/LayoutTests/http/tests/security/xssAuditor/no-protection-script-tag.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorobjectembedtagcontrolcharexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/object-embed-tag-control-char-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorobjectembedtagcontrolcharhtml">trunk/LayoutTests/http/tests/security/xssAuditor/object-embed-tag-control-char.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorobjectembedtagexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/object-embed-tag-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorobjectembedtagnullcharexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/object-embed-tag-null-char-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorobjectembedtagnullcharhtml">trunk/LayoutTests/http/tests/security/xssAuditor/object-embed-tag-null-char.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorobjectembedtaghtml">trunk/LayoutTests/http/tests/security/xssAuditor/object-embed-tag.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorobjecttagexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/object-tag-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorobjecttagjavascripturlexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/object-tag-javascript-url-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorobjecttagjavascripturlhtml">trunk/LayoutTests/http/tests/security/xssAuditor/object-tag-javascript-url.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorobjecttaghtml">trunk/LayoutTests/http/tests/security/xssAuditor/object-tag.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditoropeneventhandleriframeexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/open-event-handler-iframe-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditoropeneventhandleriframehtml">trunk/LayoutTests/http/tests/security/xssAuditor/open-event-handler-iframe.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditoropeniframesrc03expectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/open-iframe-src-03-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditoropeniframesrc03html">trunk/LayoutTests/http/tests/security/xssAuditor/open-iframe-src-03.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorpostfromiframehtml">trunk/LayoutTests/http/tests/security/xssAuditor/post-from-iframe.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorreportscripttagexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/report-script-tag-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorreportscripttagfullblockexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/report-script-tag-full-block-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorreportscripttagfullblockhtml">trunk/LayoutTests/http/tests/security/xssAuditor/report-script-tag-full-block.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorreportscripttagreplacestateexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/report-script-tag-replace-state-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorreportscripttagreplacestatehtml">trunk/LayoutTests/http/tests/security/xssAuditor/report-script-tag-replace-state.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorreportscripttaghtml">trunk/LayoutTests/http/tests/security/xssAuditor/report-script-tag.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorresourcesechointertagpl">trunk/LayoutTests/http/tests/security/xssAuditor/resources/echo-intertag.pl</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagBig5charexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-Big5-char-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagBig5chartwiceurlencodeexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-Big5-char-twice-url-encode-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagBig5chartwiceurlencodehtml">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-Big5-char-twice-url-encode.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagBig5charhtml">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-Big5-char.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagBig5char2expectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-Big5-char2-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagBig5char2html">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-Big5-char2.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagcontrolcharexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-control-char-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagcontrolcharhtml">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-control-char.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagconvolutedexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-convoluted-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagconvolutedhtml">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-convoluted.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagentitiesexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-entities-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagentitieshtml">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-entities.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagexpressionfollowsexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-expression-follows-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagexpressionfollowshtml">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-expression-follows.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttaginsidesvgtagexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-inside-svg-tag-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttaginsidesvgtaghtml">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-inside-svg-tag.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttaginsidesvgtag2expectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-inside-svg-tag2-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttaginsidesvgtag2html">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-inside-svg-tag2.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttaginsidesvgtag3expectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-inside-svg-tag3-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttaginsidesvgtag3html">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-inside-svg-tag3.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagnearstartexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-near-start-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagnearstarthtml">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-near-start.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagnullcharexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-null-char-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagnullcharhtml">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-null-char.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagopenredirectexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-open-redirect-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagopenredirecthtml">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-open-redirect.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagpostcontrolcharexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-post-control-char-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagpostcontrolcharhtml">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-post-control-char.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagpostexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-post-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagpostnullcharexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-post-null-char-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagpostnullcharhtml">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-post-null-char.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagposthtml">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-post.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagredirectexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-redirect-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagredirecthtml">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-redirect.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagwith16bitunicodesurrogatepairexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-16bit-unicode-surrogate-pair-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagwith16bitunicodesurrogatepairhtml">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-16bit-unicode-surrogate-pair.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagwith16bitunicode5expectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-16bit-unicode5-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagwith16bitunicode5html">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-16bit-unicode5.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagwithactualcommaexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-actual-comma-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagwithactualcommahtml">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-actual-comma.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagwithcallbacksexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-callbacks-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagwithcallbackshtml">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-callbacks.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagwithcomma01expectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-comma-01-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagwithcomma01html">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-comma-01.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagwithcomma02expectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-comma-02-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagwithcomma02html">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-comma-02.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagwithfancyunicodeexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-fancy-unicode-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagwithfancyunicodehtml">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-fancy-unicode.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagwithinvalidclosingtagexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-invalid-closing-tag-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagwithinvalidclosingtaghtml">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-invalid-closing-tag.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagwithinvalidurlencodingexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-invalid-url-encoding-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagwithinvalidurlencodinghtml">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-invalid-url-encoding.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagwithsourcecontrolcharexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-control-char-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagwithsourcecontrolcharhtml">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-control-char.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagwithsourcedataurlexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-data-url-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagwithsourcedataurlhtml">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-data-url.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagwithsourcedataurl2expectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-data-url2-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagwithsourcedataurl2html">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-data-url2.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagwithsourcedataurl3expectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-data-url3-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagwithsourcedataurl3html">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-data-url3.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagwithsourcedoublequoteexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-double-quote-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagwithsourcedoublequotehtml">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-double-quote.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagwithsourceentitiesexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-entities-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagwithsourceentitieshtml">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-entities.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagwithsourceexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagwithsourcenoquoteexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-no-quote-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagwithsourcenoquotehtml">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-no-quote.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagwithsourcenullcharexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-null-char-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagwithsourcenullcharhtml">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-null-char.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagwithsourcerelativeschemeexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-relative-scheme-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagwithsourcerelativeschemehtml">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-relative-scheme.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagwithsourcesamehostwithqueryexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-same-host-with-query-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagwithsourcesamehostwithqueryhtml">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-same-host-with-query.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagwithsourcesamehosthtml">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-same-host.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagwithsourceunterminated01expectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-unterminated-01-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagwithsourceunterminated01html">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-unterminated-01.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagwithsourceunterminated02expectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-unterminated-02-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagwithsourceunterminated02html">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-unterminated-02.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagwithsourceunterminated03expectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-unterminated-03-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagwithsourceunterminated03html">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-unterminated-03.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagwithsourcehtml">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagwiththreetimesurlencoded16bitunicodeexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-three-times-url-encoded-16bit-unicode-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagwiththreetimesurlencoded16bitunicodehtml">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-three-times-url-encoded-16bit-unicode.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagwithtrailingcommentU2028expectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-trailing-comment-U2028-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagwithtrailingcommentU2028html">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-trailing-comment-U2028.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagwithtrailingcommentexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-trailing-comment-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagwithtrailingcommenthtml">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-trailing-comment.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagwithtrailingcomment2expectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-trailing-comment2-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagwithtrailingcomment2html">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-trailing-comment2.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagwithtrailingcomment3expectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-trailing-comment3-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagwithtrailingcomment3html">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-trailing-comment3.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagwithtrailingcomment4expectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-trailing-comment4-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagwithtrailingcomment4html">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-trailing-comment4.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagwithtrailingcomment5expectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-trailing-comment5-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttagwithtrailingcomment5html">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-trailing-comment5.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorscripttaghtml">trunk/LayoutTests/http/tests/security/xssAuditor/script-tag.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorsvganimateexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/svg-animate-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorsvganimatehtml">trunk/LayoutTests/http/tests/security/xssAuditor/svg-animate.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorsvgscripttagexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/svg-script-tag-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorsvgscripttaghtml">trunk/LayoutTests/http/tests/security/xssAuditor/svg-script-tag.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorxssfilterbypassbig5expectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/xss-filter-bypass-big5-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorxssfilterbypassbig5html">trunk/LayoutTests/http/tests/security/xssAuditor/xss-filter-bypass-big5.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorxssfilterbypasssjisexpectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/xss-filter-bypass-sjis-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorxssfilterbypasssjishtml">trunk/LayoutTests/http/tests/security/xssAuditor/xss-filter-bypass-sjis.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorxssprotectionparsing01html">trunk/LayoutTests/http/tests/security/xssAuditor/xss-protection-parsing-01.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorxssprotectionparsing02expectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/xss-protection-parsing-02-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorxssprotectionparsing02html">trunk/LayoutTests/http/tests/security/xssAuditor/xss-protection-parsing-02.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorxssprotectionparsing03expectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/xss-protection-parsing-03-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorxssprotectionparsing03html">trunk/LayoutTests/http/tests/security/xssAuditor/xss-protection-parsing-03.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorxssprotectionparsing04expectedtxt">trunk/LayoutTests/http/tests/security/xssAuditor/xss-protection-parsing-04-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssAuditorxssprotectionparsing04html">trunk/LayoutTests/http/tests/security/xssAuditor/xss-protection-parsing-04.html</a></li>
</ul>
<h3>Added Paths</h3>
<ul>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyresourcesgeneratecspreportphp">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/generate-csp-report.php</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyresourcesgotoechoreportphp">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/go-to-echo-report.php</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyresourcesreportfilepathphp">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/report-file-path.php</a></li>
</ul>
<h3>Removed Paths</h3>
<ul>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyresourcesgeneratecspreporthtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/generate-csp-report.html</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkLayoutTestsChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/ChangeLog (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/ChangeLog 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/ChangeLog 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,3 +1,280 @@
</span><ins>+2014-11-20 Alexey Proskuryakov <ap@apple.com>
+
+ http tests should not use shared temporary files, part 2
+ https://bugs.webkit.org/show_bug.cgi?id=138894
+
+ Rubber-stamped by Tim Horton.
+
+ Made more scripts that access local files use per-test files. Some tests could use
+ HTTP referrer, others needed explicit parameters.
+
+ * http/tests/security/contentSecurityPolicy/1.1/reflected-xss-allow.html:
+ * http/tests/security/contentSecurityPolicy/1.1/reflected-xss-block.html:
+ * http/tests/security/contentSecurityPolicy/1.1/reflected-xss-empty.html:
+ * http/tests/security/contentSecurityPolicy/1.1/reflected-xss-filter.html:
+ * http/tests/security/contentSecurityPolicy/1.1/reflected-xss-invalid.html:
+ * http/tests/security/contentSecurityPolicy/report-uri-from-child-frame-expected.txt:
+ * http/tests/security/contentSecurityPolicy/report-uri-from-child-frame.html:
+ * http/tests/security/contentSecurityPolicy/resources/echo-report.php:
+ * http/tests/security/contentSecurityPolicy/resources/generate-csp-report.html: Removed.
+ * http/tests/security/contentSecurityPolicy/resources/generate-csp-report.php: Copied from LayoutTests/http/tests/security/contentSecurityPolicy/resources/generate-csp-report.html.
+ * http/tests/security/contentSecurityPolicy/resources/go-to-echo-report.php: Added.
+ * http/tests/security/contentSecurityPolicy/resources/reflected-xss-and-xss-protection.js:
+ (testMixedHeader):
+ * http/tests/security/contentSecurityPolicy/resources/report-file-path.php: Added.
+ * http/tests/security/contentSecurityPolicy/resources/save-report.php:
+ * http/tests/security/contentSecurityPolicy/xmlhttprequest-protected-resource-does-not-crash.html:
+ * http/tests/security/xssAuditor/block-does-not-leak-location-expected.txt:
+ * http/tests/security/xssAuditor/block-does-not-leak-location.html:
+ * http/tests/security/xssAuditor/block-does-not-leak-referrer.html:
+ * http/tests/security/xssAuditor/cookie-injection-expected.txt:
+ * http/tests/security/xssAuditor/cookie-injection.html:
+ * http/tests/security/xssAuditor/embed-tag-code-attribute-2-expected.txt:
+ * http/tests/security/xssAuditor/embed-tag-code-attribute-2.html:
+ * http/tests/security/xssAuditor/embed-tag-code-attribute-expected.txt:
+ * http/tests/security/xssAuditor/embed-tag-code-attribute.html:
+ * http/tests/security/xssAuditor/embed-tag-control-char-expected.txt:
+ * http/tests/security/xssAuditor/embed-tag-control-char.html:
+ * http/tests/security/xssAuditor/embed-tag-expected.txt:
+ * http/tests/security/xssAuditor/embed-tag-javascript-url-expected.txt:
+ * http/tests/security/xssAuditor/embed-tag-javascript-url.html:
+ * http/tests/security/xssAuditor/embed-tag-null-char-expected.txt:
+ * http/tests/security/xssAuditor/embed-tag-null-char.html:
+ * http/tests/security/xssAuditor/embed-tag.html:
+ * http/tests/security/xssAuditor/faux-script1.html:
+ * http/tests/security/xssAuditor/faux-script2.html:
+ * http/tests/security/xssAuditor/faux-script3.html:
+ * http/tests/security/xssAuditor/form-action-expected.txt:
+ * http/tests/security/xssAuditor/form-action.html:
+ * http/tests/security/xssAuditor/formaction-on-button-expected.txt:
+ * http/tests/security/xssAuditor/formaction-on-button.html:
+ * http/tests/security/xssAuditor/formaction-on-input-expected.txt:
+ * http/tests/security/xssAuditor/formaction-on-input.html:
+ * http/tests/security/xssAuditor/frameset-injection-expected.txt:
+ * http/tests/security/xssAuditor/frameset-injection.html:
+ * http/tests/security/xssAuditor/full-block-get-from-iframe-expected.txt:
+ * http/tests/security/xssAuditor/full-block-get-from-iframe.html:
+ * http/tests/security/xssAuditor/full-block-iframe-javascript-url-expected.txt:
+ * http/tests/security/xssAuditor/full-block-iframe-javascript-url.html:
+ * http/tests/security/xssAuditor/full-block-iframe-no-inherit-expected.txt:
+ * http/tests/security/xssAuditor/full-block-iframe-no-inherit.php:
+ * http/tests/security/xssAuditor/full-block-link-onclick-expected.txt:
+ * http/tests/security/xssAuditor/full-block-link-onclick.html:
+ * http/tests/security/xssAuditor/full-block-object-tag-expected.txt:
+ * http/tests/security/xssAuditor/full-block-object-tag.html:
+ * http/tests/security/xssAuditor/full-block-post-from-iframe.html:
+ * http/tests/security/xssAuditor/full-block-script-tag-cross-domain-expected.txt:
+ * http/tests/security/xssAuditor/full-block-script-tag-cross-domain.html:
+ * http/tests/security/xssAuditor/full-block-script-tag-expected.txt:
+ * http/tests/security/xssAuditor/full-block-script-tag-with-source-expected.txt:
+ * http/tests/security/xssAuditor/full-block-script-tag-with-source.html:
+ * http/tests/security/xssAuditor/full-block-script-tag.html:
+ * http/tests/security/xssAuditor/get-from-iframe-expected.txt:
+ * http/tests/security/xssAuditor/get-from-iframe.html:
+ * http/tests/security/xssAuditor/iframe-injection-allowed-2.html:
+ * http/tests/security/xssAuditor/iframe-injection-allowed-3.html:
+ * http/tests/security/xssAuditor/iframe-injection-allowed.html:
+ * http/tests/security/xssAuditor/iframe-injection-expected.txt:
+ * http/tests/security/xssAuditor/iframe-injection.html:
+ * http/tests/security/xssAuditor/iframe-javascript-url-expected.txt:
+ * http/tests/security/xssAuditor/iframe-javascript-url-more-encoding-expected.txt:
+ * http/tests/security/xssAuditor/iframe-javascript-url-more-encoding.html:
+ * http/tests/security/xssAuditor/iframe-javascript-url-twice-url-encode-expected.txt:
+ * http/tests/security/xssAuditor/iframe-javascript-url-twice-url-encode.html:
+ * http/tests/security/xssAuditor/iframe-javascript-url-twice-url-encode2-expected.txt:
+ * http/tests/security/xssAuditor/iframe-javascript-url-twice-url-encode2.html:
+ * http/tests/security/xssAuditor/iframe-javascript-url-twice-url-encode3-expected.txt:
+ * http/tests/security/xssAuditor/iframe-javascript-url-twice-url-encode3.html:
+ * http/tests/security/xssAuditor/iframe-javascript-url-url-encoded-expected.txt:
+ * http/tests/security/xssAuditor/iframe-javascript-url-url-encoded.html:
+ * http/tests/security/xssAuditor/iframe-javascript-url.html:
+ * http/tests/security/xssAuditor/iframe-onload-GBK-char-expected.txt:
+ * http/tests/security/xssAuditor/iframe-onload-GBK-char.html:
+ * http/tests/security/xssAuditor/iframe-onload-in-svg-tag-expected.txt:
+ * http/tests/security/xssAuditor/iframe-onload-in-svg-tag.html:
+ * http/tests/security/xssAuditor/iframe-srcdoc-expected.txt:
+ * http/tests/security/xssAuditor/iframe-srcdoc.html:
+ * http/tests/security/xssAuditor/img-onerror-GBK-char-expected.txt:
+ * http/tests/security/xssAuditor/img-onerror-GBK-char.html:
+ * http/tests/security/xssAuditor/img-onerror-accented-char-expected.txt:
+ * http/tests/security/xssAuditor/img-onerror-accented-char.html:
+ * http/tests/security/xssAuditor/img-onerror-non-ASCII-char-expected.txt:
+ * http/tests/security/xssAuditor/img-onerror-non-ASCII-char.html:
+ * http/tests/security/xssAuditor/img-onerror-non-ASCII-char2-expected.txt:
+ * http/tests/security/xssAuditor/img-onerror-non-ASCII-char2.html:
+ * http/tests/security/xssAuditor/img-onerror-tricky.html:
+ * http/tests/security/xssAuditor/img-tag-with-comma-expected.txt:
+ * http/tests/security/xssAuditor/img-tag-with-comma.html:
+ * http/tests/security/xssAuditor/inline-event-HTML-entities-expected.txt:
+ * http/tests/security/xssAuditor/inline-event-HTML-entities.html:
+ * http/tests/security/xssAuditor/link-onclick-ampersand-expected.txt:
+ * http/tests/security/xssAuditor/link-onclick-ampersand.html:
+ * http/tests/security/xssAuditor/link-onclick-control-char-expected.txt:
+ * http/tests/security/xssAuditor/link-onclick-control-char.html:
+ * http/tests/security/xssAuditor/link-onclick-entities-expected.txt:
+ * http/tests/security/xssAuditor/link-onclick-entities.html:
+ * http/tests/security/xssAuditor/link-onclick-expected.txt:
+ * http/tests/security/xssAuditor/link-onclick-null-char-expected.txt:
+ * http/tests/security/xssAuditor/link-onclick-null-char.html:
+ * http/tests/security/xssAuditor/link-onclick.html:
+ * http/tests/security/xssAuditor/link-opens-new-window-expected.txt:
+ * http/tests/security/xssAuditor/link-opens-new-window.html:
+ * http/tests/security/xssAuditor/malformed-HTML-expected.txt:
+ * http/tests/security/xssAuditor/malformed-HTML.html:
+ * http/tests/security/xssAuditor/malformed-xss-protection-header-1-expected.txt:
+ * http/tests/security/xssAuditor/malformed-xss-protection-header-1.html:
+ * http/tests/security/xssAuditor/malformed-xss-protection-header-2-expected.txt:
+ * http/tests/security/xssAuditor/malformed-xss-protection-header-2.html:
+ * http/tests/security/xssAuditor/malformed-xss-protection-header-3-expected.txt:
+ * http/tests/security/xssAuditor/malformed-xss-protection-header-3.html:
+ * http/tests/security/xssAuditor/malformed-xss-protection-header-4-expected.txt:
+ * http/tests/security/xssAuditor/malformed-xss-protection-header-4.html:
+ * http/tests/security/xssAuditor/malformed-xss-protection-header-5-expected.txt:
+ * http/tests/security/xssAuditor/malformed-xss-protection-header-5.html:
+ * http/tests/security/xssAuditor/malformed-xss-protection-header-6-expected.txt:
+ * http/tests/security/xssAuditor/malformed-xss-protection-header-6.html:
+ * http/tests/security/xssAuditor/malformed-xss-protection-header-7-expected.txt:
+ * http/tests/security/xssAuditor/malformed-xss-protection-header-7.html:
+ * http/tests/security/xssAuditor/malformed-xss-protection-header-8-expected.txt:
+ * http/tests/security/xssAuditor/malformed-xss-protection-header-8.html:
+ * http/tests/security/xssAuditor/malformed-xss-protection-header-9-expected.txt:
+ * http/tests/security/xssAuditor/malformed-xss-protection-header-9.html:
+ * http/tests/security/xssAuditor/no-protection-script-tag.html:
+ * http/tests/security/xssAuditor/object-embed-tag-control-char-expected.txt:
+ * http/tests/security/xssAuditor/object-embed-tag-control-char.html:
+ * http/tests/security/xssAuditor/object-embed-tag-expected.txt:
+ * http/tests/security/xssAuditor/object-embed-tag-null-char-expected.txt:
+ * http/tests/security/xssAuditor/object-embed-tag-null-char.html:
+ * http/tests/security/xssAuditor/object-embed-tag.html:
+ * http/tests/security/xssAuditor/object-tag-expected.txt:
+ * http/tests/security/xssAuditor/object-tag-javascript-url-expected.txt:
+ * http/tests/security/xssAuditor/object-tag-javascript-url.html:
+ * http/tests/security/xssAuditor/object-tag.html:
+ * http/tests/security/xssAuditor/open-event-handler-iframe-expected.txt:
+ * http/tests/security/xssAuditor/open-event-handler-iframe.html:
+ * http/tests/security/xssAuditor/open-iframe-src-03-expected.txt:
+ * http/tests/security/xssAuditor/open-iframe-src-03.html:
+ * http/tests/security/xssAuditor/post-from-iframe.html:
+ * http/tests/security/xssAuditor/report-script-tag-expected.txt:
+ * http/tests/security/xssAuditor/report-script-tag-full-block-expected.txt:
+ * http/tests/security/xssAuditor/report-script-tag-full-block.html:
+ * http/tests/security/xssAuditor/report-script-tag-replace-state-expected.txt:
+ * http/tests/security/xssAuditor/report-script-tag-replace-state.html:
+ * http/tests/security/xssAuditor/report-script-tag.html:
+ * http/tests/security/xssAuditor/resources/echo-intertag.pl:
+ * http/tests/security/xssAuditor/script-tag-Big5-char-expected.txt:
+ * http/tests/security/xssAuditor/script-tag-Big5-char-twice-url-encode-expected.txt:
+ * http/tests/security/xssAuditor/script-tag-Big5-char-twice-url-encode.html:
+ * http/tests/security/xssAuditor/script-tag-Big5-char.html:
+ * http/tests/security/xssAuditor/script-tag-Big5-char2-expected.txt:
+ * http/tests/security/xssAuditor/script-tag-Big5-char2.html:
+ * http/tests/security/xssAuditor/script-tag-control-char-expected.txt:
+ * http/tests/security/xssAuditor/script-tag-control-char.html:
+ * http/tests/security/xssAuditor/script-tag-convoluted-expected.txt:
+ * http/tests/security/xssAuditor/script-tag-convoluted.html:
+ * http/tests/security/xssAuditor/script-tag-entities-expected.txt:
+ * http/tests/security/xssAuditor/script-tag-entities.html:
+ * http/tests/security/xssAuditor/script-tag-expected.txt:
+ * http/tests/security/xssAuditor/script-tag-expression-follows-expected.txt:
+ * http/tests/security/xssAuditor/script-tag-expression-follows.html:
+ * http/tests/security/xssAuditor/script-tag-inside-svg-tag-expected.txt:
+ * http/tests/security/xssAuditor/script-tag-inside-svg-tag.html:
+ * http/tests/security/xssAuditor/script-tag-inside-svg-tag2-expected.txt:
+ * http/tests/security/xssAuditor/script-tag-inside-svg-tag2.html:
+ * http/tests/security/xssAuditor/script-tag-inside-svg-tag3-expected.txt:
+ * http/tests/security/xssAuditor/script-tag-inside-svg-tag3.html:
+ * http/tests/security/xssAuditor/script-tag-near-start-expected.txt:
+ * http/tests/security/xssAuditor/script-tag-near-start.html:
+ * http/tests/security/xssAuditor/script-tag-null-char-expected.txt:
+ * http/tests/security/xssAuditor/script-tag-null-char.html:
+ * http/tests/security/xssAuditor/script-tag-open-redirect-expected.txt:
+ * http/tests/security/xssAuditor/script-tag-open-redirect.html:
+ * http/tests/security/xssAuditor/script-tag-post-control-char-expected.txt:
+ * http/tests/security/xssAuditor/script-tag-post-control-char.html:
+ * http/tests/security/xssAuditor/script-tag-post-expected.txt:
+ * http/tests/security/xssAuditor/script-tag-post-null-char-expected.txt:
+ * http/tests/security/xssAuditor/script-tag-post-null-char.html:
+ * http/tests/security/xssAuditor/script-tag-post.html:
+ * http/tests/security/xssAuditor/script-tag-redirect-expected.txt:
+ * http/tests/security/xssAuditor/script-tag-redirect.html:
+ * http/tests/security/xssAuditor/script-tag-with-16bit-unicode-surrogate-pair-expected.txt:
+ * http/tests/security/xssAuditor/script-tag-with-16bit-unicode-surrogate-pair.html:
+ * http/tests/security/xssAuditor/script-tag-with-16bit-unicode5-expected.txt:
+ * http/tests/security/xssAuditor/script-tag-with-16bit-unicode5.html:
+ * http/tests/security/xssAuditor/script-tag-with-actual-comma-expected.txt:
+ * http/tests/security/xssAuditor/script-tag-with-actual-comma.html:
+ * http/tests/security/xssAuditor/script-tag-with-callbacks-expected.txt:
+ * http/tests/security/xssAuditor/script-tag-with-callbacks.html:
+ * http/tests/security/xssAuditor/script-tag-with-comma-01-expected.txt:
+ * http/tests/security/xssAuditor/script-tag-with-comma-01.html:
+ * http/tests/security/xssAuditor/script-tag-with-comma-02-expected.txt:
+ * http/tests/security/xssAuditor/script-tag-with-comma-02.html:
+ * http/tests/security/xssAuditor/script-tag-with-fancy-unicode-expected.txt:
+ * http/tests/security/xssAuditor/script-tag-with-fancy-unicode.html:
+ * http/tests/security/xssAuditor/script-tag-with-invalid-closing-tag-expected.txt:
+ * http/tests/security/xssAuditor/script-tag-with-invalid-closing-tag.html:
+ * http/tests/security/xssAuditor/script-tag-with-invalid-url-encoding-expected.txt:
+ * http/tests/security/xssAuditor/script-tag-with-invalid-url-encoding.html:
+ * http/tests/security/xssAuditor/script-tag-with-source-control-char-expected.txt:
+ * http/tests/security/xssAuditor/script-tag-with-source-control-char.html:
+ * http/tests/security/xssAuditor/script-tag-with-source-data-url-expected.txt:
+ * http/tests/security/xssAuditor/script-tag-with-source-data-url.html:
+ * http/tests/security/xssAuditor/script-tag-with-source-data-url2-expected.txt:
+ * http/tests/security/xssAuditor/script-tag-with-source-data-url2.html:
+ * http/tests/security/xssAuditor/script-tag-with-source-data-url3-expected.txt:
+ * http/tests/security/xssAuditor/script-tag-with-source-data-url3.html:
+ * http/tests/security/xssAuditor/script-tag-with-source-double-quote-expected.txt:
+ * http/tests/security/xssAuditor/script-tag-with-source-double-quote.html:
+ * http/tests/security/xssAuditor/script-tag-with-source-entities-expected.txt:
+ * http/tests/security/xssAuditor/script-tag-with-source-entities.html:
+ * http/tests/security/xssAuditor/script-tag-with-source-expected.txt:
+ * http/tests/security/xssAuditor/script-tag-with-source-no-quote-expected.txt:
+ * http/tests/security/xssAuditor/script-tag-with-source-no-quote.html:
+ * http/tests/security/xssAuditor/script-tag-with-source-null-char-expected.txt:
+ * http/tests/security/xssAuditor/script-tag-with-source-null-char.html:
+ * http/tests/security/xssAuditor/script-tag-with-source-relative-scheme-expected.txt:
+ * http/tests/security/xssAuditor/script-tag-with-source-relative-scheme.html:
+ * http/tests/security/xssAuditor/script-tag-with-source-same-host-with-query-expected.txt:
+ * http/tests/security/xssAuditor/script-tag-with-source-same-host-with-query.html:
+ * http/tests/security/xssAuditor/script-tag-with-source-same-host.html:
+ * http/tests/security/xssAuditor/script-tag-with-source-unterminated-01-expected.txt:
+ * http/tests/security/xssAuditor/script-tag-with-source-unterminated-01.html:
+ * http/tests/security/xssAuditor/script-tag-with-source-unterminated-02-expected.txt:
+ * http/tests/security/xssAuditor/script-tag-with-source-unterminated-02.html:
+ * http/tests/security/xssAuditor/script-tag-with-source-unterminated-03-expected.txt:
+ * http/tests/security/xssAuditor/script-tag-with-source-unterminated-03.html:
+ * http/tests/security/xssAuditor/script-tag-with-source.html:
+ * http/tests/security/xssAuditor/script-tag-with-three-times-url-encoded-16bit-unicode-expected.txt:
+ * http/tests/security/xssAuditor/script-tag-with-three-times-url-encoded-16bit-unicode.html:
+ * http/tests/security/xssAuditor/script-tag-with-trailing-comment-U2028-expected.txt:
+ * http/tests/security/xssAuditor/script-tag-with-trailing-comment-U2028.html:
+ * http/tests/security/xssAuditor/script-tag-with-trailing-comment-expected.txt:
+ * http/tests/security/xssAuditor/script-tag-with-trailing-comment.html:
+ * http/tests/security/xssAuditor/script-tag-with-trailing-comment2-expected.txt:
+ * http/tests/security/xssAuditor/script-tag-with-trailing-comment2.html:
+ * http/tests/security/xssAuditor/script-tag-with-trailing-comment3-expected.txt:
+ * http/tests/security/xssAuditor/script-tag-with-trailing-comment3.html:
+ * http/tests/security/xssAuditor/script-tag-with-trailing-comment4-expected.txt:
+ * http/tests/security/xssAuditor/script-tag-with-trailing-comment4.html:
+ * http/tests/security/xssAuditor/script-tag-with-trailing-comment5-expected.txt:
+ * http/tests/security/xssAuditor/script-tag-with-trailing-comment5.html:
+ * http/tests/security/xssAuditor/script-tag.html:
+ * http/tests/security/xssAuditor/svg-animate-expected.txt:
+ * http/tests/security/xssAuditor/svg-animate.html:
+ * http/tests/security/xssAuditor/svg-script-tag-expected.txt:
+ * http/tests/security/xssAuditor/svg-script-tag.html:
+ * http/tests/security/xssAuditor/xss-filter-bypass-big5-expected.txt:
+ * http/tests/security/xssAuditor/xss-filter-bypass-big5.html:
+ * http/tests/security/xssAuditor/xss-filter-bypass-sjis-expected.txt:
+ * http/tests/security/xssAuditor/xss-filter-bypass-sjis.html:
+ * http/tests/security/xssAuditor/xss-protection-parsing-01.html:
+ * http/tests/security/xssAuditor/xss-protection-parsing-02-expected.txt:
+ * http/tests/security/xssAuditor/xss-protection-parsing-02.html:
+ * http/tests/security/xssAuditor/xss-protection-parsing-03-expected.txt:
+ * http/tests/security/xssAuditor/xss-protection-parsing-03.html:
+ * http/tests/security/xssAuditor/xss-protection-parsing-04-expected.txt:
+ * http/tests/security/xssAuditor/xss-protection-parsing-04.html:
+
</ins><span class="cx"> 2014-11-20 Daniel Bates <dabates@apple.com>
</span><span class="cx">
</span><span class="cx"> [iOS] Update expected results for LayoutTests/animations
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicy11reflectedxssallowhtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-allow.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-allow.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-allow.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -11,6 +11,6 @@
</span><span class="cx"> <body>
</span><span class="cx"> <p>Tests that 'X-WebKit-CSP: reflected-xss allow;' disables the XSSAuditor.
</span><span class="cx"> This test passes if an alert is generated, and the script is allowed.</p>
</span><del>- <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?csp=allow&amp;q=<script>alert(String.fromCharCode(0x58,0x53,0x53))</script>"></iframe>
</del><ins>+ <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/contentSecurityPolicy/1.1/reflected-xss-allow.html&csp=allow&amp;q=<script>alert(String.fromCharCode(0x58,0x53,0x53))</script>"></iframe>
</ins><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicy11reflectedxssblockhtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-block.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-block.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-block.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -17,6 +17,6 @@
</span><span class="cx"> There should be no content in the IFrame below:</p>
</span><span class="cx"> <iframe id="frame"
</span><span class="cx"> onload="checkIfFrameLocationMatchesSrcAndCallDone('frame')"
</span><del>- src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?csp=block&amp;q=<script>alert(String.fromCharCode(0x58,0x53,0x53))</script>"></iframe>
</del><ins>+ src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/contentSecurityPolicy/1.1/reflected-xss-block.html&csp=block&amp;q=<script>alert(String.fromCharCode(0x58,0x53,0x53))</script>"></iframe>
</ins><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicy11reflectedxssemptyhtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-empty.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-empty.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-empty.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -11,6 +11,6 @@
</span><span class="cx"> <body>
</span><span class="cx"> <p>Tests that 'X-WebKit-CSP: reflected-xss' enables the XSSAuditor.
</span><span class="cx"> This test passes if a console message is generated, and the script is blocked.</p>
</span><del>- <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?csp=_empty_&amp;q=<script>alert(String.fromCharCode(0x58,0x53,0x53))</script>"></iframe>
</del><ins>+ <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/contentSecurityPolicy/1.1/reflected-xss-empty.html&csp=_empty_&amp;q=<script>alert(String.fromCharCode(0x58,0x53,0x53))</script>"></iframe>
</ins><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicy11reflectedxssfilterhtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-filter.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-filter.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-filter.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -11,6 +11,6 @@
</span><span class="cx"> <body>
</span><span class="cx"> <p>Tests that 'X-WebKit-CSP: reflected-xss filter;' enables the XSSAuditor.
</span><span class="cx"> This test passes if a console message is generated, and the script is blocked.</p>
</span><del>- <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?csp=filter&amp;q=<script>alert(String.fromCharCode(0x58,0x53,0x53))</script>"></iframe>
</del><ins>+ <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/contentSecurityPolicy/1.1/reflected-xss-filter.html&csp=filter&amp;q=<script>alert(String.fromCharCode(0x58,0x53,0x53))</script>"></iframe>
</ins><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicy11reflectedxssinvalidhtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-invalid.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-invalid.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-invalid.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -11,6 +11,6 @@
</span><span class="cx"> <body>
</span><span class="cx"> <p>Tests that 'X-WebKit-CSP: reflected-xss invalid' enables the XSSAuditor.
</span><span class="cx"> This test passes if a console message is generated, and the script is allowed.</p>
</span><del>- <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?csp=invalid&amp;q=<script>alert(String.fromCharCode(0x58,0x53,0x53))</script>"></iframe>
</del><ins>+ <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/contentSecurityPolicy/1.1/reflected-xss-invalid.html&csp=invalid&amp;q=<script>alert(String.fromCharCode(0x58,0x53,0x53))</script>"></iframe>
</ins><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyreporturifromchildframeexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-from-child-frame-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-from-child-frame-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-from-child-frame-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -7,7 +7,7 @@
</span><span class="cx"> --------
</span><span class="cx"> CSP report received:
</span><span class="cx"> CONTENT_TYPE: application/json
</span><del>-HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/resources/generate-csp-report.html
</del><ins>+HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/resources/generate-csp-report.php?test=/security/contentSecurityPolicy/report-uri-from-child-frame.html
</ins><span class="cx"> REQUEST_METHOD: POST
</span><span class="cx"> === POST DATA ===
</span><del>-{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/resources/generate-csp-report.html","referrer":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-uri-from-child-frame.html","violated-directive":"script-src 'self'","original-policy":"script-src 'self'; report-uri save-report.php","blocked-uri":""}}
</del><ins>+{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/resources/generate-csp-report.php?test=/security/contentSecurityPolicy/report-uri-from-child-frame.html","referrer":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-uri-from-child-frame.html","violated-directive":"script-src 'self'","original-policy":"script-src 'self'; report-uri save-report.php?test=/security/contentSecurityPolicy/report-uri-from-child-frame.html","blocked-uri":""}}
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyreporturifromchildframehtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-from-child-frame.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-from-child-frame.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-from-child-frame.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -2,4 +2,4 @@
</span><span class="cx"> if (window.testRunner)
</span><span class="cx"> testRunner.dumpChildFramesAsText();
</span><span class="cx"> </script>
</span><del>-<iframe src="resources/generate-csp-report.html"></script>
</del><ins>+<iframe src="resources/generate-csp-report.php?test=/security/contentSecurityPolicy/report-uri-from-child-frame.html"></script>
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyresourcesechoreportphp"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/echo-report.php (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/echo-report.php 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/echo-report.php 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,5 +1,7 @@
</span><span class="cx"> <?php
</span><del>-while (!file_exists("csp-report.txt")) {
</del><ins>+require_once "report-file-path.php";
+
+while (!file_exists($reportFilePath)) {
</ins><span class="cx"> usleep(10000);
</span><span class="cx"> // file_exists() caches results, we want to invalidate the cache.
</span><span class="cx"> clearstatcache();
</span><span class="lines">@@ -7,13 +9,13 @@
</span><span class="cx">
</span><span class="cx"> echo "<html><body>\n";
</span><span class="cx"> echo "CSP report received:";
</span><del>-$reportFile = fopen("csp-report.txt", 'r');
</del><ins>+$reportFile = fopen($reportFilePath, 'r');
</ins><span class="cx"> while ($line = fgets($reportFile)) {
</span><span class="cx"> echo "<br>";
</span><span class="cx"> echo trim($line);
</span><span class="cx"> }
</span><span class="cx"> fclose($reportFile);
</span><del>-unlink("csp-report.txt");
</del><ins>+unlink($reportFilePath);
</ins><span class="cx"> echo "<script>";
</span><span class="cx"> echo "if (window.testRunner)";
</span><span class="cx"> echo " testRunner.notifyDone();";
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyresourcesgeneratecspreporthtml"></a>
<div class="delfile"><h4>Deleted: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/generate-csp-report.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/generate-csp-report.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/generate-csp-report.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,6 +0,0 @@
</span><del>-<meta http-equiv="Content-Security-Policy" content="script-src 'self'; report-uri save-report.php">
-<script>
-// This script block will trigger a violation report.
-alert('FAIL');
-</script>
-<script src="go-to-echo-report.js"></script>
</del></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyresourcesgeneratecspreportphpfromrev176412trunkLayoutTestshttptestssecuritycontentSecurityPolicyresourcesgeneratecspreporthtml"></a>
<div class="copfile"><h4>Copied: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/generate-csp-report.php (from rev 176412, trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/generate-csp-report.html) (0 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/generate-csp-report.php (rev 0)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/generate-csp-report.php 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -0,0 +1,6 @@
</span><ins>+<meta http-equiv="Content-Security-Policy" content="script-src 'self'; report-uri save-report.php?test=<?php echo $_GET['test']; ?>">
+<script>
+// This script block will trigger a violation report.
+alert('FAIL');
+</script>
+<script src="go-to-echo-report.php?test=<?php echo $_GET['test']; ?>"></script>
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyresourcesgotoechoreportphp"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/go-to-echo-report.php (0 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/go-to-echo-report.php (rev 0)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/go-to-echo-report.php 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -0,0 +1,8 @@
</span><ins>+if (window.testRunner) {
+ testRunner.dumpAsText();
+ testRunner.waitUntilDone();
+}
+
+window.onload = function () {
+ window.location = "/security/contentSecurityPolicy/resources/echo-report.php?test=<?php echo $_GET['test']; ?>";
+}
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyresourcesreflectedxssandxssprotectionjs"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/reflected-xss-and-xss-protection.js (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/reflected-xss-and-xss-protection.js 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/reflected-xss-and-xss-protection.js 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -20,7 +20,7 @@
</span><span class="cx"> if (xssProtection == 'invalid')
</span><span class="cx"> params.push('malformed-header=1');
</span><span class="cx">
</span><del>- var url = '/security/xssAuditor/resources/echo-intertag.pl?';
</del><ins>+ var url = '/security/xssAuditor/resources/echo-intertag.pl?test=' + location.pathname;
</ins><span class="cx"> url += params.join('&amp;');
</span><span class="cx">
</span><span class="cx"> document.write('<p>Testing behavior when "reflected-xss" is set to ' + csp + ', and "X-XSS-Protection" is set to ' + xssProtection + '.');
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyresourcesreportfilepathphp"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/report-file-path.php (0 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/report-file-path.php (rev 0)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/report-file-path.php 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -0,0 +1,14 @@
</span><ins>+<?php
+require_once '../../../resources/portabilityLayer.php';
+
+if (isset($_GET['test'])) {
+ $reportFilePath = sys_get_temp_dir() . "/" . str_replace("/", "-", $_GET['test']) . ".csp-report.txt";
+} elseif (isset($_SERVER["HTTP_REFERER"]) and strpos($_SERVER["HTTP_REFERER"], '/resources/') === false) {
+ $reportFilePath = sys_get_temp_dir() . "/" . str_replace("/", "-", parse_url($_SERVER["HTTP_REFERER"], PHP_URL_PATH)) . ".csp-report.txt";
+} else {
+ header("HTTP/1.1 500 Internal Server Error");
+ echo "This script needs to know the name of the test to form a unique temporary file path. It can get one either from HTTP referrer, or from a 'test' parameter.\n";
+ exit();
+}
+
+?>
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyresourcessavereportphp"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/save-report.php (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/save-report.php 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/save-report.php 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,11 +1,13 @@
</span><span class="cx"> <?php
</span><ins>+require_once "report-file-path.php";
+
</ins><span class="cx"> function undoMagicQuotes($value) {
</span><span class="cx"> if (get_magic_quotes_gpc())
</span><span class="cx"> return stripslashes($value);
</span><span class="cx"> return $value;
</span><span class="cx"> }
</span><span class="cx">
</span><del>-$reportFile = fopen("csp-report.txt.tmp", 'w');
</del><ins>+$reportFile = fopen($reportFilePath . ".tmp", 'w');
</ins><span class="cx"> $httpHeaders = $_SERVER;
</span><span class="cx"> ksort($httpHeaders, SORT_STRING);
</span><span class="cx"> foreach ($httpHeaders as $name => $value) {
</span><span class="lines">@@ -17,5 +19,5 @@
</span><span class="cx"> fwrite($reportFile, "=== POST DATA ===\n");
</span><span class="cx"> fwrite($reportFile, file_get_contents("php://input"));
</span><span class="cx"> fclose($reportFile);
</span><del>-rename("csp-report.txt.tmp", "csp-report.txt");
</del><ins>+rename($reportFilePath . ".tmp", $reportFilePath);
</ins><span class="cx"> ?>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyxmlhttprequestprotectedresourcedoesnotcrashhtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/xmlhttprequest-protected-resource-does-not-crash.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/xmlhttprequest-protected-resource-does-not-crash.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/xmlhttprequest-protected-resource-does-not-crash.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -16,7 +16,7 @@
</span><span class="cx"> document.getElementById("console").appendChild(document.createTextNode(msg + "\n"));
</span><span class="cx"> }
</span><span class="cx">
</span><del>- var protectedResource = "http://127.0.0.1:8000/security/contentSecurityPolicy/resources/generate-csp-report.html";
</del><ins>+ var protectedResource = "http://127.0.0.1:8000/security/contentSecurityPolicy/resources/generate-csp-report.php?test=/security/contentSecurityPolicy/xmlhttprequest-protected-resource-does-not-crash.html";
</ins><span class="cx"> var xhr = new XMLHttpRequest();
</span><span class="cx"> xhr.responseType = "document";
</span><span class="cx"> xhr.onreadystatechange = function () {
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorblockdoesnotleaklocationexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/block-does-not-leak-location-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/block-does-not-leak-location-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/block-does-not-leak-location-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,4 +1,4 @@
</span><del>-CONSOLE MESSAGE: line 7: The XSS Auditor blocked access to 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?enable-full-block=1&q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53));%3C/script%3E' because the source code of a script was found within the request. The server sent an 'X-XSS-Protection' header requesting this behavior.
</del><ins>+CONSOLE MESSAGE: line 7: The XSS Auditor blocked access to 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/block-does-not-leak-location.html&enable-full-block=1&q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53));%3C/script%3E' because the source code of a script was found within the request. The server sent an 'X-XSS-Protection' header requesting this behavior.
</ins><span class="cx"> CONSOLE MESSAGE: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "null". The frame requesting access has a protocol of "http", the frame being accessed has a protocol of "data". Protocols must match.
</span><span class="cx">
</span><span class="cx"> CONSOLE MESSAGE: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "null". The frame requesting access has a protocol of "http", the frame being accessed has a protocol of "data". Protocols must match.
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorblockdoesnotleaklocationhtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/block-does-not-leak-location.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/block-does-not-leak-location.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/block-does-not-leak-location.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -22,7 +22,7 @@
</span><span class="cx"> xssed = document.getElementById('xssed');
</span><span class="cx"> crossorigin = document.getElementById('crossorigin');
</span><span class="cx"> xssed.onload = checkFrames;
</span><del>- xssed.src = 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?enable-full-block=1&q=<script>alert(String.fromCharCode(0x58,0x53,0x53));<' + '/script>';
</del><ins>+ xssed.src = 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/block-does-not-leak-location.html&enable-full-block=1&q=<script>alert(String.fromCharCode(0x58,0x53,0x53));<' + '/script>';
</ins><span class="cx"> };
</span><span class="cx"> </script>
</span><span class="cx"> <script src='/resources/js-test-post.js'></script>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorblockdoesnotleakreferrerhtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/block-does-not-leak-referrer.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/block-does-not-leak-referrer.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/block-does-not-leak-referrer.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -16,7 +16,7 @@
</span><span class="cx"> window.onload = function () {
</span><span class="cx"> var i = document.querySelector('iframe');
</span><span class="cx"> i.onload = checkReferer;
</span><del>- i.src = 'http://localhost:8000/resources/redirect.php?url=http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?enable-full-block=1%26q=<script>alert(String.fromCharCode(0x58,0x53,0x53))<' + '/script>';
</del><ins>+ i.src = 'http://localhost:8000/resources/redirect.php?test=/security/xssAuditor/block-does-not-leak-referrer.html&url=http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?enable-full-block=1%26q=<script>alert(String.fromCharCode(0x58,0x53,0x53))<' + '/script>';
</ins><span class="cx"> };
</span><span class="cx"> </script>
</span><span class="cx"> <script src="/resources/js-test-post.js"></script>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorcookieinjectionexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/cookie-injection-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/cookie-injection-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/cookie-injection-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,3 +1,3 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?alert-cookie=1&q=%3Cmeta%20http-equiv=%22Set-Cookie%22%20content=%22xssAuditorTestCookie=FAIL%22%20/%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/cookie-injection.html&alert-cookie=1&q=%3Cmeta%20http-equiv=%22Set-Cookie%22%20content=%22xssAuditorTestCookie=FAIL%22%20/%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx"> ALERT: PASS
</span><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorcookieinjectionhtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/cookie-injection.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/cookie-injection.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/cookie-injection.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -9,7 +9,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?alert-cookie=1&q=<meta%20http-equiv=%22Set-Cookie%22%20content=%22xssAuditorTestCookie=FAIL%22%20/>"></iframe>
</del><ins>+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/cookie-injection.html&alert-cookie=1&q=<meta%20http-equiv=%22Set-Cookie%22%20content=%22xssAuditorTestCookie=FAIL%22%20/>"></iframe>
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorembedtagcodeattribute2expectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/embed-tag-code-attribute-2-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/embed-tag-code-attribute-2-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/embed-tag-code-attribute-2-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,2 +1,2 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Cembed%20code=//localhost:8000/fictional.swf%20allowscriptaccess=always%3E%3C/embed%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/embed-tag-code-attribute-2.html&q=%3Cembed%20code=//localhost:8000/fictional.swf%20allowscriptaccess=always%3E%3C/embed%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorembedtagcodeattribute2html"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/embed-tag-code-attribute-2.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/embed-tag-code-attribute-2.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/embed-tag-code-attribute-2.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -9,7 +9,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src="http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?q=<embed%20code=//localhost:8000/fictional.swf%20allowscriptaccess=always></embed>">
</del><ins>+<iframe src="http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/embed-tag-code-attribute-2.html&q=<embed%20code=//localhost:8000/fictional.swf%20allowscriptaccess=always></embed>">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorembedtagcodeattributeexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/embed-tag-code-attribute-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/embed-tag-code-attribute-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/embed-tag-code-attribute-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,2 +1,2 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Cembed%20code=data:text/html%3bbase64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==%3E%3C/embed%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/embed-tag-code-attribute.html&q=%3Cembed%20code=data:text/html%3bbase64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==%3E%3C/embed%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorembedtagcodeattributehtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/embed-tag-code-attribute.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/embed-tag-code-attribute.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/embed-tag-code-attribute.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -9,7 +9,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<embed%20code=data:text/html%3bbase64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==></embed>">
</del><ins>+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/embed-tag-code-attribute.html&q=<embed%20code=data:text/html%3bbase64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==></embed>">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorembedtagcontrolcharexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/embed-tag-control-char-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/embed-tag-control-char-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/embed-tag-control-char-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,2 +1,2 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Cembed%20name='plugin'%20type='application/x-webkit-test-netscape'%20src='http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf%05'%3E%3C/embed%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/embed-tag-control-char.html&q=%3Cembed%20name='plugin'%20type='application/x-webkit-test-netscape'%20src='http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf%05'%3E%3C/embed%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorembedtagcontrolcharhtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/embed-tag-control-char.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/embed-tag-control-char.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/embed-tag-control-char.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -9,7 +9,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<embed name='plugin' type='application/x-webkit-test-netscape' src='http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf%05'></embed>">
</del><ins>+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/embed-tag-control-char.html&q=<embed name='plugin' type='application/x-webkit-test-netscape' src='http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf%05'></embed>">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorembedtagexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/embed-tag-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/embed-tag-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/embed-tag-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,2 +1,2 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Cembed%20name='plugin'%20type='application/x-webkit-test-netscape'%20src='http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf'%3E%3C/embed%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/embed-tag.html&q=%3Cembed%20name='plugin'%20type='application/x-webkit-test-netscape'%20src='http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf'%3E%3C/embed%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorembedtagjavascripturlexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/embed-tag-javascript-url-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/embed-tag-javascript-url-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/embed-tag-javascript-url-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,2 +1,2 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Cembed%20src='javascript:alert(document.domain)'%3E%3C/embed%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/embed-tag-javascript-url.html&q=%3Cembed%20src='javascript:alert(document.domain)'%3E%3C/embed%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorembedtagjavascripturlhtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/embed-tag-javascript-url.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/embed-tag-javascript-url.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/embed-tag-javascript-url.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -9,7 +9,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<embed src='javascript:alert(document.domain)'></embed>">
</del><ins>+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/embed-tag-javascript-url.html&q=<embed src='javascript:alert(document.domain)'></embed>">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorembedtagnullcharexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/embed-tag-null-char-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/embed-tag-null-char-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/embed-tag-null-char-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,2 +1,2 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Cembed%20name='plugin'%20type='application/x-webkit-test-netscape'%20src='http://127.0.0.1:8000/sec%00urity/xssAuditor/resources/dummy.swf'%3E%3C/embed%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/embed-tag-null-char.html&q=%3Cembed%20name='plugin'%20type='application/x-webkit-test-netscape'%20src='http://127.0.0.1:8000/sec%00urity/xssAuditor/resources/dummy.swf'%3E%3C/embed%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorembedtagnullcharhtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/embed-tag-null-char.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/embed-tag-null-char.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/embed-tag-null-char.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -9,7 +9,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<embed name='plugin' type='application/x-webkit-test-netscape' src='http://127.0.0.1:8000/sec%00urity/xssAuditor/resources/dummy.swf'></embed>">
</del><ins>+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/embed-tag-null-char.html&q=<embed name='plugin' type='application/x-webkit-test-netscape' src='http://127.0.0.1:8000/sec%00urity/xssAuditor/resources/dummy.swf'></embed>">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorembedtaghtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/embed-tag.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/embed-tag.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/embed-tag.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -9,7 +9,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<embed name='plugin' type='application/x-webkit-test-netscape' src='http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf'></embed>">
</del><ins>+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/embed-tag.html&q=<embed name='plugin' type='application/x-webkit-test-netscape' src='http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf'></embed>">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorfauxscript1html"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/faux-script1.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/faux-script1.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/faux-script1.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -10,7 +10,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src='http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3C%22script%22%3Ealert(%27innocent%20code%27)%3C/script%3E'>
</del><ins>+<iframe src='http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/faux-script1.html&q=%3C%22script%22%3Ealert(%27innocent%20code%27)%3C/script%3E'>
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorfauxscript2html"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/faux-script2.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/faux-script2.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/faux-script2.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -10,7 +10,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src='http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3C%27script%27%3Ealert(%27innocent%20code%27)%3C/script%3E'>
</del><ins>+<iframe src='http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/faux-script2.html&q=%3C%27script%27%3Ealert(%27innocent%20code%27)%3C/script%3E'>
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorfauxscript3html"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/faux-script3.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/faux-script3.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/faux-script3.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -10,7 +10,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src='http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%22%3C[whatever]script%3Ealert(%27innocent%20code%27)%3C/script%3E'>
</del><ins>+<iframe src='http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/faux-script3.html&q=%22%3C[whatever]script%3Ealert(%27innocent%20code%27)%3C/script%3E'>
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorformactionexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/form-action-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/form-action-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/form-action-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,3 +1,3 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Cform%20action=http://127.0.0.1:8000/%20method=x%3E%3Cinput%20type=submit%3E%3Cinput%20name=x%20value='Please%20type%20your%20PIN.'%3E&notifyDone=1&showAction=1' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/form-action.html&q=%3Cform%20action=http://127.0.0.1:8000/%20method=x%3E%3Cinput%20type=submit%3E%3Cinput%20name=x%20value='Please%20type%20your%20PIN.'%3E&notifyDone=1&showAction=1' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx"> ALERT: Form action set to about:blank
</span><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorformactionhtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/form-action.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/form-action.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/form-action.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -10,7 +10,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<form%20action=http://127.0.0.1:8000/%20method=x><input%20type=submit><input%20name=x%20value='Please%20type%20your%20PIN.'>&notifyDone=1&showAction=1">
</del><ins>+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/form-action.html&q=<form%20action=http://127.0.0.1:8000/%20method=x><input%20type=submit><input%20name=x%20value='Please%20type%20your%20PIN.'>&notifyDone=1&showAction=1">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorformactiononbuttonexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/formaction-on-button-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/formaction-on-button-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/formaction-on-button-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,3 +1,3 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Cform%3E%3Cbutton%20formaction='http://example.com/'%3E&notifyDone=1&showFormaction=1' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/formaction-on-button.html&q=%3Cform%3E%3Cbutton%20formaction='http://example.com/'%3E&notifyDone=1&showFormaction=1' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx"> ALERT: formaction present on BUTTON with value of about:blank
</span><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorformactiononbuttonhtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/formaction-on-button.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/formaction-on-button.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/formaction-on-button.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -10,6 +10,6 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>- <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<form><button%20formaction='http://example.com/'>&notifyDone=1&showFormaction=1"></iframe>
</del><ins>+ <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/formaction-on-button.html&q=<form><button%20formaction='http://example.com/'>&notifyDone=1&showFormaction=1"></iframe>
</ins><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorformactiononinputexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/formaction-on-input-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/formaction-on-input-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/formaction-on-input-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,3 +1,3 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Cform%3E%3Cinput%20formaction='http://example.com/'%3E&notifyDone=1&showFormaction=1' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/formaction-on-input.html&q=%3Cform%3E%3Cinput%20formaction='http://example.com/'%3E&notifyDone=1&showFormaction=1' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx"> ALERT: formaction present on INPUT with value of about:blank
</span><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorformactiononinputhtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/formaction-on-input.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/formaction-on-input.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/formaction-on-input.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -10,7 +10,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>- <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<form><input%20formaction='http://example.com/'>&notifyDone=1&showFormaction=1"></iframe>
</del><ins>+ <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/formaction-on-input.html&q=<form><input%20formaction='http://example.com/'>&notifyDone=1&showFormaction=1"></iframe>
</ins><span class="cx"> </body>
</span><span class="cx"> </html>
</span><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorframesetinjectionexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/frameset-injection-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/frameset-injection-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/frameset-injection-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,2 +1,2 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?inHead=1&q=%3Cframeset%3E%3Cframe%20src='data:text/html,%3Cscript%3Ealert(0)%3C/script%3E'%3E%3C/frameset%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/frameset-injection.html&inHead=1&q=%3Cframeset%3E%3Cframe%20src='data:text/html,%3Cscript%3Ealert(0)%3C/script%3E'%3E%3C/frameset%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorframesetinjectionhtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/frameset-injection.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/frameset-injection.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/frameset-injection.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -9,7 +9,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?inHead=1&q=<frameset><frame src='data:text/html,<script>alert(0)</script>'></frameset>">
</del><ins>+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/frameset-injection.html&inHead=1&q=<frameset><frame src='data:text/html,<script>alert(0)</script>'></frameset>">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorfullblockgetfromiframeexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/full-block-get-from-iframe-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/full-block-get-from-iframe-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/full-block-get-from-iframe-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,4 +1,4 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor blocked access to 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?enable-full-block=1&q=%3Cscript%3Ealert%28String.fromCharCode%280x58%2C0x53%2C0x53%29%29%3C%2Fscript%3E' because the source code of a script was found within the request. The server sent an 'X-XSS-Protection' header requesting this behavior.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor blocked access to 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=%2Fsecurity%2FxssAuditor%2Ffull-block-get-from-iframe.html&enable-full-block=1&q=%3Cscript%3Ealert%28String.fromCharCode%280x58%2C0x53%2C0x53%29%29%3C%2Fscript%3E' because the source code of a script was found within the request. The server sent an 'X-XSS-Protection' header requesting this behavior.
</ins><span class="cx">
</span><span class="cx">
</span><span class="cx"> --------
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorfullblockgetfromiframehtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/full-block-get-from-iframe.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/full-block-get-from-iframe.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/full-block-get-from-iframe.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -16,7 +16,7 @@
</span><span class="cx"> }
</span><span class="cx"> window.onload = function()
</span><span class="cx"> {
</span><del>- sendRequestFromIFrame("http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl","enable-full-block=1&q=<script>alert(String.fromCharCode(0x58,0x53,0x53))<\/script>","GET", done);
</del><ins>+ sendRequestFromIFrame("http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl","test=/security/xssAuditor/full-block-get-from-iframe.html&enable-full-block=1&q=<script>alert(String.fromCharCode(0x58,0x53,0x53))<\/script>","GET", done);
</ins><span class="cx"> };
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorfullblockiframejavascripturlexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/full-block-iframe-javascript-url-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/full-block-iframe-javascript-url-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/full-block-iframe-javascript-url-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,7 +1,7 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor blocked access to 'http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?enable-full-block=1&q=%3Ciframe%20src=javascript:alert(document.domain)%3E' because the source code of a script was found within the request. The server sent an 'X-XSS-Protection' header requesting this behavior.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor blocked access to 'http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/full-block-iframe-javascript-url.html&enable-full-block=1&q=%3Ciframe%20src=javascript:alert(document.domain)%3E' because the source code of a script was found within the request. The server sent an 'X-XSS-Protection' header requesting this behavior.
</ins><span class="cx"> CONSOLE MESSAGE: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "null". The frame requesting access has a protocol of "http", the frame being accessed has a protocol of "data". Protocols must match.
</span><span class="cx">
</span><del>-ALERT: URL mismatch: undefined vs. http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?enable-full-block=1&q=%3Ciframe%20src=javascript:alert(document.domain)%3E
</del><ins>+ALERT: URL mismatch: undefined vs. http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/full-block-iframe-javascript-url.html&enable-full-block=1&q=%3Ciframe%20src=javascript:alert(document.domain)%3E
</ins><span class="cx"> There should be no content in the iframe below:
</span><span class="cx">
</span><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorfullblockiframejavascripturlhtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/full-block-iframe-javascript-url.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/full-block-iframe-javascript-url.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/full-block-iframe-javascript-url.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -13,7 +13,7 @@
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><span class="cx"> <p>There should be no content in the iframe below:</p>
</span><del>-<iframe id="frame" onload="checkIfFrameLocationMatchesSrcAndCallDone('frame')" src='http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?enable-full-block=1&q=%3Ciframe%20src=javascript:alert(document.domain)%3E'>
</del><ins>+<iframe id="frame" onload="checkIfFrameLocationMatchesSrcAndCallDone('frame')" src='http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/full-block-iframe-javascript-url.html&enable-full-block=1&q=%3Ciframe%20src=javascript:alert(document.domain)%3E'>
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorfullblockiframenoinheritexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/full-block-iframe-no-inherit-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/full-block-iframe-no-inherit-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/full-block-iframe-no-inherit-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,4 +1,4 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Cscript%3Ealert(/XSS/)%3C/script%3E%3Cp%3EIf%20you%20see%20this%20message%20and%20no%20JavaScript%20alert()%20then%20the%20test%20PASSED.%3C/p%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/full-block-iframe-no-inherit.html&q=%3Cscript%3Ealert(/XSS/)%3C/script%3E%3Cp%3EIf%20you%20see%20this%20message%20and%20no%20JavaScript%20alert()%20then%20the%20test%20PASSED.%3C/p%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx"> This tests that the header X-XSS-Protection is not inherited by the iframe below:
</span><span class="cx">
</span><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorfullblockiframenoinheritphp"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/full-block-iframe-no-inherit.php (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/full-block-iframe-no-inherit.php 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/full-block-iframe-no-inherit.php 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -16,7 +16,7 @@
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><span class="cx"> <p>This tests that the header X-XSS-Protection is not inherited by the iframe below:</p>
</span><del>-<iframe id="frame" onload="checkIfFrameLocationMatchesSrcAndCallDone('frame')" src="http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?q=<script>alert(/XSS/)</script><p>If you see this message and no JavaScript alert() then the test PASSED.</p>">
</del><ins>+<iframe id="frame" onload="checkIfFrameLocationMatchesSrcAndCallDone('frame')" src="http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/full-block-iframe-no-inherit.html&q=<script>alert(/XSS/)</script><p>If you see this message and no JavaScript alert() then the test PASSED.</p>">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorfullblocklinkonclickexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/full-block-link-onclick-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/full-block-link-onclick-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/full-block-link-onclick-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,7 +1,7 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor blocked access to 'http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?enable-full-block=1&q=%3Ca%20onclick='alert(String.fromCharCode(0x58,0x53,0x53))'%3EClick%3C/a%3E' because the source code of a script was found within the request. The server sent an 'X-XSS-Protection' header requesting this behavior.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor blocked access to 'http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/full-block-link-onclick.html&enable-full-block=1&q=%3Ca%20onclick='alert(String.fromCharCode(0x58,0x53,0x53))'%3EClick%3C/a%3E' because the source code of a script was found within the request. The server sent an 'X-XSS-Protection' header requesting this behavior.
</ins><span class="cx"> CONSOLE MESSAGE: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "null". The frame requesting access has a protocol of "http", the frame being accessed has a protocol of "data". Protocols must match.
</span><span class="cx">
</span><del>-ALERT: URL mismatch: undefined vs. http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?enable-full-block=1&q=%3Ca%20onclick='alert(String.fromCharCode(0x58,0x53,0x53))'%3EClick%3C/a%3E
</del><ins>+ALERT: URL mismatch: undefined vs. http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/full-block-link-onclick.html&enable-full-block=1&q=%3Ca%20onclick='alert(String.fromCharCode(0x58,0x53,0x53))'%3EClick%3C/a%3E
</ins><span class="cx"> There should be no content in the iframe below:
</span><span class="cx">
</span><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorfullblocklinkonclickhtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/full-block-link-onclick.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/full-block-link-onclick.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/full-block-link-onclick.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -13,7 +13,7 @@
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><span class="cx"> <p>There should be no content in the iframe below:</p>
</span><del>-<iframe id="frame" onload="checkIfFrameLocationMatchesSrcAndCallDone('frame')" src="http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?enable-full-block=1&q=<a%20onclick='alert(String.fromCharCode(0x58,0x53,0x53))'>Click</a>">
</del><ins>+<iframe id="frame" onload="checkIfFrameLocationMatchesSrcAndCallDone('frame')" src="http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/full-block-link-onclick.html&enable-full-block=1&q=<a%20onclick='alert(String.fromCharCode(0x58,0x53,0x53))'>Click</a>">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorfullblockobjecttagexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/full-block-object-tag-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/full-block-object-tag-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/full-block-object-tag-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,7 +1,7 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor blocked access to 'http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?enable-full-block=1&q=%3Cobject%20name='plugin'%20type='application/x-webkit-test-netscape'%3E%3Cparam%20name='movie'%20value='http://localhost:8000/security/xssAuditor/resources/dummy.swf'%20/%3E%3C/object%3E' because the source code of a script was found within the request. The server sent an 'X-XSS-Protection' header requesting this behavior.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor blocked access to 'http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/full-block-object-tag.html&enable-full-block=1&q=%3Cobject%20name='plugin'%20type='application/x-webkit-test-netscape'%3E%3Cparam%20name='movie'%20value='http://localhost:8000/security/xssAuditor/resources/dummy.swf'%20/%3E%3C/object%3E' because the source code of a script was found within the request. The server sent an 'X-XSS-Protection' header requesting this behavior.
</ins><span class="cx"> CONSOLE MESSAGE: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "null". The frame requesting access has a protocol of "http", the frame being accessed has a protocol of "data". Protocols must match.
</span><span class="cx">
</span><del>-ALERT: URL mismatch: undefined vs. http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?enable-full-block=1&q=%3Cobject%20name='plugin'%20type='application/x-webkit-test-netscape'%3E%3Cparam%20name='movie'%20value='http://localhost:8000/security/xssAuditor/resources/dummy.swf'%20/%3E%3C/object%3E
</del><ins>+ALERT: URL mismatch: undefined vs. http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/full-block-object-tag.html&enable-full-block=1&q=%3Cobject%20name='plugin'%20type='application/x-webkit-test-netscape'%3E%3Cparam%20name='movie'%20value='http://localhost:8000/security/xssAuditor/resources/dummy.swf'%20/%3E%3C/object%3E
</ins><span class="cx"> There should be no content in the iframe below:
</span><span class="cx">
</span><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorfullblockobjecttaghtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/full-block-object-tag.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/full-block-object-tag.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/full-block-object-tag.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -13,7 +13,7 @@
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><span class="cx"> <p>There should be no content in the iframe below:</p>
</span><del>-<iframe id="frame" onload="checkIfFrameLocationMatchesSrcAndCallDone('frame')" src="http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?enable-full-block=1&q=<object name='plugin' type='application/x-webkit-test-netscape'><param name='movie' value='http://localhost:8000/security/xssAuditor/resources/dummy.swf' /></object>">
</del><ins>+<iframe id="frame" onload="checkIfFrameLocationMatchesSrcAndCallDone('frame')" src="http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/full-block-object-tag.html&enable-full-block=1&q=<object name='plugin' type='application/x-webkit-test-netscape'><param name='movie' value='http://localhost:8000/security/xssAuditor/resources/dummy.swf' /></object>">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorfullblockpostfromiframehtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/full-block-post-from-iframe.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/full-block-post-from-iframe.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/full-block-post-from-iframe.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -16,7 +16,7 @@
</span><span class="cx"> }
</span><span class="cx"> window.onload = function()
</span><span class="cx"> {
</span><del>- sendRequestFromIFrame("http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl","enable-full-block=1&q=<script>alert(String.fromCharCode(0x58,0x53,0x53))<\/script>","POST", done);
</del><ins>+ sendRequestFromIFrame("http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl","test=/security/xssAuditor/full-block-post-from-iframe.html&enable-full-block=1&q=<script>alert(String.fromCharCode(0x58,0x53,0x53))<\/script>","POST", done);
</ins><span class="cx"> };
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorfullblockscripttagcrossdomainexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/full-block-script-tag-cross-domain-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/full-block-script-tag-cross-domain-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/full-block-script-tag-cross-domain-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,9 +1,9 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor blocked access to 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?enable-full-block=1&q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E' because the source code of a script was found within the request. The server sent an 'X-XSS-Protection' header requesting this behavior.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor blocked access to 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/full-block-script-tag-cross-domain.html&enable-full-block=1&q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E' because the source code of a script was found within the request. The server sent an 'X-XSS-Protection' header requesting this behavior.
</ins><span class="cx"> CONSOLE MESSAGE: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "null". The frame requesting access has a protocol of "http", the frame being accessed has a protocol of "data". Protocols must match.
</span><span class="cx">
</span><span class="cx"> CONSOLE MESSAGE: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "null". The frame requesting access has a protocol of "http", the frame being accessed has a protocol of "data". Protocols must match.
</span><span class="cx">
</span><del>-ALERT: URL mismatch: undefined vs. http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?enable-full-block=1&q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E
</del><ins>+ALERT: URL mismatch: undefined vs. http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/full-block-script-tag-cross-domain.html&enable-full-block=1&q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E
</ins><span class="cx"> There should be no content in the iframe below:
</span><span class="cx">
</span><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorfullblockscripttagcrossdomainhtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/full-block-script-tag-cross-domain.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/full-block-script-tag-cross-domain.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/full-block-script-tag-cross-domain.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -22,7 +22,7 @@
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><span class="cx"> <p>There should be no content in the iframe below:</p>
</span><del>-<iframe id="frame" onload="checkframe()" src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?enable-full-block=1&q=<script>alert(String.fromCharCode(0x58,0x53,0x53))</script>">
</del><ins>+<iframe id="frame" onload="checkframe()" src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/full-block-script-tag-cross-domain.html&enable-full-block=1&q=<script>alert(String.fromCharCode(0x58,0x53,0x53))</script>">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorfullblockscripttagexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/full-block-script-tag-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/full-block-script-tag-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/full-block-script-tag-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,9 +1,9 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor blocked access to 'http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?enable-full-block=1&q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E' because the source code of a script was found within the request. The server sent an 'X-XSS-Protection' header requesting this behavior.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor blocked access to 'http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/full-block-script-tag.html&enable-full-block=1&q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E' because the source code of a script was found within the request. The server sent an 'X-XSS-Protection' header requesting this behavior.
</ins><span class="cx"> CONSOLE MESSAGE: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "null". The frame requesting access has a protocol of "http", the frame being accessed has a protocol of "data". Protocols must match.
</span><span class="cx">
</span><span class="cx"> CONSOLE MESSAGE: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "null". The frame requesting access has a protocol of "http", the frame being accessed has a protocol of "data". Protocols must match.
</span><span class="cx">
</span><del>-ALERT: URL mismatch: undefined vs. http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?enable-full-block=1&q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E
</del><ins>+ALERT: URL mismatch: undefined vs. http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/full-block-script-tag.html&enable-full-block=1&q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E
</ins><span class="cx"> There should be no content in the iframe below:
</span><span class="cx">
</span><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorfullblockscripttagwithsourceexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/full-block-script-tag-with-source-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/full-block-script-tag-with-source-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/full-block-script-tag-with-source-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,7 +1,7 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor blocked access to 'http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?enable-full-block=1&q=%3Cscript%20src='http://localhost:8000/security/xssAuditor/resources/xss.js'%3E%3C/script%3E' because the source code of a script was found within the request. The server sent an 'X-XSS-Protection' header requesting this behavior.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor blocked access to 'http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/full-block-script-tag-with-source.html&enable-full-block=1&q=%3Cscript%20src='http://localhost:8000/security/xssAuditor/resources/xss.js'%3E%3C/script%3E' because the source code of a script was found within the request. The server sent an 'X-XSS-Protection' header requesting this behavior.
</ins><span class="cx"> CONSOLE MESSAGE: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "null". The frame requesting access has a protocol of "http", the frame being accessed has a protocol of "data". Protocols must match.
</span><span class="cx">
</span><del>-ALERT: URL mismatch: undefined vs. http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?enable-full-block=1&q=%3Cscript%20src='http://localhost:8000/security/xssAuditor/resources/xss.js'%3E%3C/script%3E
</del><ins>+ALERT: URL mismatch: undefined vs. http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/full-block-script-tag-with-source.html&enable-full-block=1&q=%3Cscript%20src='http://localhost:8000/security/xssAuditor/resources/xss.js'%3E%3C/script%3E
</ins><span class="cx"> There should be no content in the iframe below:
</span><span class="cx">
</span><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorfullblockscripttagwithsourcehtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/full-block-script-tag-with-source.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/full-block-script-tag-with-source.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/full-block-script-tag-with-source.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -13,7 +13,7 @@
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><span class="cx"> <p>There should be no content in the iframe below:</p>
</span><del>-<iframe id="frame" onload="checkIfFrameLocationMatchesSrcAndCallDone('frame')" src="http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?enable-full-block=1&q=<script src='http://localhost:8000/security/xssAuditor/resources/xss.js'></script>">
</del><ins>+<iframe id="frame" onload="checkIfFrameLocationMatchesSrcAndCallDone('frame')" src="http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/full-block-script-tag-with-source.html&enable-full-block=1&q=<script src='http://localhost:8000/security/xssAuditor/resources/xss.js'></script>">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorfullblockscripttaghtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/full-block-script-tag.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/full-block-script-tag.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/full-block-script-tag.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -22,7 +22,7 @@
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><span class="cx"> <p>There should be no content in the iframe below:</p>
</span><del>-<iframe id="frame" onload="checkframe()" src="http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?enable-full-block=1&q=<script>alert(String.fromCharCode(0x58,0x53,0x53))</script>">
</del><ins>+<iframe id="frame" onload="checkframe()" src="http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/full-block-script-tag.html&enable-full-block=1&q=<script>alert(String.fromCharCode(0x58,0x53,0x53))</script>">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorgetfromiframeexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/get-from-iframe-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/get-from-iframe-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/get-from-iframe-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,2 +1,2 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?notifyDone=1&q=%3Cscript%3Ealert%28String.fromCharCode%280x58%2C0x53%2C0x53%29%29%3C%2Fscript%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=%2Fsecurity%2FxssAuditor%2Fget-from-iframe.html&notifyDone=1&q=%3Cscript%3Ealert%28String.fromCharCode%280x58%2C0x53%2C0x53%29%29%3C%2Fscript%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorgetfromiframehtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/get-from-iframe.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/get-from-iframe.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/get-from-iframe.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -10,7 +10,7 @@
</span><span class="cx"> }
</span><span class="cx"> window.onload = function()
</span><span class="cx"> {
</span><del>- sendRequestFromIFrame("http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl","notifyDone=1&q=<script>alert(String.fromCharCode(0x58,0x53,0x53))<\/script>","GET");
</del><ins>+ sendRequestFromIFrame("http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl","test=/security/xssAuditor/get-from-iframe.html&notifyDone=1&q=<script>alert(String.fromCharCode(0x58,0x53,0x53))<\/script>","GET");
</ins><span class="cx"> };
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditoriframeinjectionallowed2html"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/iframe-injection-allowed-2.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/iframe-injection-allowed-2.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/iframe-injection-allowed-2.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -10,7 +10,7 @@
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><span class="cx"> This test passes because the injected iframe is from about:blank and is harmless.<br/>
</span><del>-<iframe src="http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?q=<iframe%20src='about:blank'></iframe>">
</del><ins>+<iframe src="http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/iframe-injection-allowed-2.html&q=<iframe%20src='about:blank'></iframe>">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditoriframeinjectionallowed3html"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/iframe-injection-allowed-3.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/iframe-injection-allowed-3.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/iframe-injection-allowed-3.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -10,7 +10,7 @@
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><span class="cx"> This test passes because the injected iframe has an empty src and is harmless.<br/>
</span><del>-<iframe src="http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?q=<iframe%20src=''></iframe>">
</del><ins>+<iframe src="http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/iframe-injection-allowed-3.html&q=<iframe%20src=''></iframe>">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditoriframeinjectionallowedhtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/iframe-injection-allowed.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/iframe-injection-allowed.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/iframe-injection-allowed.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -10,7 +10,7 @@
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><span class="cx"> This test passes because the injected iframe is from the same host as the child frame.<br/>
</span><del>-<iframe src="http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?q=<iframe%20src='http://127.0.0.1:8000/'></iframe>">
</del><ins>+<iframe src="http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/iframe-injection-allowed.html&q=<iframe%20src='http://127.0.0.1:8000/'></iframe>">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditoriframeinjectionexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/iframe-injection-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/iframe-injection-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/iframe-injection-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,2 +1,2 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Ciframe%20src='http://127.0.0.1:8000/'%3E%3C/iframe%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/iframe-injection.html&q=%3Ciframe%20src='http://127.0.0.1:8000/'%3E%3C/iframe%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditoriframeinjectionhtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/iframe-injection.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/iframe-injection.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/iframe-injection.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -9,7 +9,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<iframe%20src='http://127.0.0.1:8000/'></iframe>">
</del><ins>+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/iframe-injection.html&q=<iframe%20src='http://127.0.0.1:8000/'></iframe>">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditoriframejavascripturlexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/iframe-javascript-url-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/iframe-javascript-url-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/iframe-javascript-url-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,2 +1,2 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Ciframe%20src=javascript:alert(document.domain)%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/iframe-javascript-url.html&q=%3Ciframe%20src=javascript:alert(document.domain)%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditoriframejavascripturlmoreencodingexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/iframe-javascript-url-more-encoding-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/iframe-javascript-url-more-encoding-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/iframe-javascript-url-more-encoding-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,2 +1,2 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3CIFRAME%20src='javascript:alert%26%23x25%3B281)'%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/iframe-javascript-url-more-encoding.html&q=%3CIFRAME%20src='javascript:alert%26%23x25%3B281)'%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditoriframejavascripturlmoreencodinghtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/iframe-javascript-url-more-encoding.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/iframe-javascript-url-more-encoding.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/iframe-javascript-url-more-encoding.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -9,7 +9,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<IFRAME%20src='javascript:alert%26%23x25%3B281)'>"</iframe>
</del><ins>+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/iframe-javascript-url-more-encoding.html&q=<IFRAME%20src='javascript:alert%26%23x25%3B281)'>"</iframe>
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditoriframejavascripturltwiceurlencodeexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/iframe-javascript-url-twice-url-encode-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/iframe-javascript-url-twice-url-encode-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/iframe-javascript-url-twice-url-encode-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,2 +1,2 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Ciframe%20src=%22javascript:%20%250Aalert(String.fromCharCode(0x58,0x53,0x53))%22%3E%3C/iframe%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/iframe-javascript-url-twice-url-encode.html&q=%3Ciframe%20src=%22javascript:%20%250Aalert(String.fromCharCode(0x58,0x53,0x53))%22%3E%3C/iframe%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditoriframejavascripturltwiceurlencodehtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/iframe-javascript-url-twice-url-encode.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/iframe-javascript-url-twice-url-encode.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/iframe-javascript-url-twice-url-encode.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -9,7 +9,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src='http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<iframe src="javascript: %250Aalert(String.fromCharCode(0x58,0x53,0x53))"></iframe>'>
</del><ins>+<iframe src='http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/iframe-javascript-url-twice-url-encode.html&q=<iframe src="javascript: %250Aalert(String.fromCharCode(0x58,0x53,0x53))"></iframe>'>
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditoriframejavascripturltwiceurlencode2expectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/iframe-javascript-url-twice-url-encode2-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/iframe-javascript-url-twice-url-encode2-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/iframe-javascript-url-twice-url-encode2-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,2 +1,2 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Ciframe%20src=%22javascript:%20//%250Aalert(String.fromCharCode(0x58,0x53,0x53))%22%3E%3C/iframe%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/iframe-javascript-url-twice-url-encode2.html&q=%3Ciframe%20src=%22javascript:%20//%250Aalert(String.fromCharCode(0x58,0x53,0x53))%22%3E%3C/iframe%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditoriframejavascripturltwiceurlencode2html"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/iframe-javascript-url-twice-url-encode2.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/iframe-javascript-url-twice-url-encode2.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/iframe-javascript-url-twice-url-encode2.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -9,7 +9,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src='http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<iframe src="javascript: //%250Aalert(String.fromCharCode(0x58,0x53,0x53))"></iframe>'>
</del><ins>+<iframe src='http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/iframe-javascript-url-twice-url-encode2.html&q=<iframe src="javascript: //%250Aalert(String.fromCharCode(0x58,0x53,0x53))"></iframe>'>
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditoriframejavascripturltwiceurlencode3expectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/iframe-javascript-url-twice-url-encode3-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/iframe-javascript-url-twice-url-encode3-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/iframe-javascript-url-twice-url-encode3-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,2 +1,2 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Ciframe%20src=%22javascript://%250Aalert(String.fromCharCode(0x58,0x53,0x53))%22%3E%3C/iframe%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/iframe-javascript-url-twice-url-encode3.html&q=%3Ciframe%20src=%22javascript://%250Aalert(String.fromCharCode(0x58,0x53,0x53))%22%3E%3C/iframe%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditoriframejavascripturltwiceurlencode3html"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/iframe-javascript-url-twice-url-encode3.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/iframe-javascript-url-twice-url-encode3.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/iframe-javascript-url-twice-url-encode3.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -9,7 +9,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src='http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<iframe src="javascript://%250Aalert(String.fromCharCode(0x58,0x53,0x53))"></iframe>'>
</del><ins>+<iframe src='http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/iframe-javascript-url-twice-url-encode3.html&q=<iframe src="javascript://%250Aalert(String.fromCharCode(0x58,0x53,0x53))"></iframe>'>
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditoriframejavascripturlurlencodedexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/iframe-javascript-url-url-encoded-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/iframe-javascript-url-url-encoded-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/iframe-javascript-url-url-encoded-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,2 +1,2 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Ciframe%20src=javascript%3A%271%2525251%27%3Balert%28document.domain%29%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/iframe-javascript-url-url-encoded.html&q=%3Ciframe%20src=javascript%3A%271%2525251%27%3Balert%28document.domain%29%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditoriframejavascripturlurlencodedhtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/iframe-javascript-url-url-encoded.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/iframe-javascript-url-url-encoded.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/iframe-javascript-url-url-encoded.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -9,7 +9,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Ciframe%20src=javascript%3A%271%2525251%27%3Balert%28document.domain%29%3E">
</del><ins>+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/iframe-javascript-url-url-encoded.html&q=%3Ciframe%20src=javascript%3A%271%2525251%27%3Balert%28document.domain%29%3E">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditoriframejavascripturlhtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/iframe-javascript-url.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/iframe-javascript-url.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/iframe-javascript-url.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -9,7 +9,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src='http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Ciframe%20src=javascript:alert(document.domain)%3E'>
</del><ins>+<iframe src='http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/iframe-javascript-url.html&q=%3Ciframe%20src=javascript:alert(document.domain)%3E'>
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditoriframeonloadGBKcharexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/iframe-onload-GBK-char-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/iframe-onload-GBK-char-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/iframe-onload-GBK-char-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,2 +1,2 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?charset=GBK&q=%3Ciframe%20onload=%C7Ojavascript:alert(document.domain)%3E%3C/iframe%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/iframe-onload-GBK-char.html&charset=GBK&q=%3Ciframe%20onload=%C7Ojavascript:alert(document.domain)%3E%3C/iframe%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditoriframeonloadGBKcharhtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/iframe-onload-GBK-char.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/iframe-onload-GBK-char.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/iframe-onload-GBK-char.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -9,7 +9,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?charset=GBK&q=<iframe%20onload=%C7Ojavascript:alert(document.domain)></iframe>">
</del><ins>+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/iframe-onload-GBK-char.html&charset=GBK&q=<iframe%20onload=%C7Ojavascript:alert(document.domain)></iframe>">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditoriframeonloadinsvgtagexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/iframe-onload-in-svg-tag-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/iframe-onload-in-svg-tag-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/iframe-onload-in-svg-tag-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,2 +1,2 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Csvg%3E%3Cscript%3E%3Ciframe%20onload=alert(0)%3E%3C/iframe%3E%3C/script%3E%3C/svg%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/iframe-onload-in-svg-tag.html&q=%3Csvg%3E%3Cscript%3E%3Ciframe%20onload=alert(0)%3E%3C/iframe%3E%3C/script%3E%3C/svg%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx"> Test that dangerous attributes are still filtered in netsted script contexts.
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditoriframeonloadinsvgtaghtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/iframe-onload-in-svg-tag.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/iframe-onload-in-svg-tag.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/iframe-onload-in-svg-tag.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -9,7 +9,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<svg><script><iframe%20onload=alert(0)></iframe></script></svg>">
</del><ins>+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/iframe-onload-in-svg-tag.html&q=<svg><script><iframe%20onload=alert(0)></iframe></script></svg>">
</ins><span class="cx"> </iframe>
</span><span class="cx"> Test that dangerous attributes are still filtered in netsted script contexts.
</span><span class="cx"> </body>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditoriframesrcdocexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/iframe-srcdoc-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/iframe-srcdoc-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/iframe-srcdoc-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,2 +1,2 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Ciframe%20srcdoc=%3Cscript%3Ealert(/FAIL/)%3C/script%3E%20%3E%3C/iframe%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/iframe-srcdoc.html&q=%3Ciframe%20srcdoc=%3Cscript%3Ealert(/FAIL/)%3C/script%3E%20%3E%3C/iframe%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditoriframesrcdochtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/iframe-srcdoc.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/iframe-srcdoc.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/iframe-srcdoc.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -9,7 +9,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<iframe srcdoc=<script>alert(/FAIL/)</script> ></iframe>">
</del><ins>+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/iframe-srcdoc.html&q=<iframe srcdoc=<script>alert(/FAIL/)</script> ></iframe>">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorimgonerrorGBKcharexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/img-onerror-GBK-char-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/img-onerror-GBK-char-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/img-onerror-GBK-char-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,2 +1,2 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?charset=GBK&q=%3Cimg%20src=%201%20onerror=%C7Ojavascript:alert(document.domain)%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/img-onerror-GBK-char.html&charset=GBK&q=%3Cimg%20src=%201%20onerror=%C7Ojavascript:alert(document.domain)%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorimgonerrorGBKcharhtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/img-onerror-GBK-char.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/img-onerror-GBK-char.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/img-onerror-GBK-char.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -9,7 +9,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?charset=GBK&q=<img%20src=%201%20onerror=%C7Ojavascript:alert(document.domain)>">
</del><ins>+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/img-onerror-GBK-char.html&charset=GBK&q=<img%20src=%201%20onerror=%C7Ojavascript:alert(document.domain)>">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorimgonerroraccentedcharexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/img-onerror-accented-char-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/img-onerror-accented-char-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/img-onerror-accented-char-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,2 +1,2 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Cimg%20src=%C3%A4%20onerror=alert(%27%C3%A4%27)%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/img-onerror-accented-char.html&q=%3Cimg%20src=%C3%A4%20onerror=alert(%27%C3%A4%27)%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorimgonerroraccentedcharhtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/img-onerror-accented-char.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/img-onerror-accented-char.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/img-onerror-accented-char.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -9,7 +9,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<img%20src=ä%20onerror=alert(%27ä%27)>">
</del><ins>+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/img-onerror-accented-char.html&q=<img%20src=ä%20onerror=alert(%27ä%27)>">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorimgonerrornonASCIIcharexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/img-onerror-non-ASCII-char-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/img-onerror-non-ASCII-char-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/img-onerror-non-ASCII-char-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,2 +1,2 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Cimg+src='%80'+onerror=%27alert(document.domain)%27' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/img-onerror-non-ASCII-char.html&q=%3Cimg+src='%80'+onerror=%27alert(document.domain)%27' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorimgonerrornonASCIIcharhtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/img-onerror-non-ASCII-char.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/img-onerror-non-ASCII-char.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/img-onerror-non-ASCII-char.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -9,7 +9,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Cimg+src='%80'+onerror=%27alert(document.domain)%27">
</del><ins>+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/img-onerror-non-ASCII-char.html&q=%3Cimg+src='%80'+onerror=%27alert(document.domain)%27">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorimgonerrornonASCIIchar2expectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/img-onerror-non-ASCII-char2-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/img-onerror-non-ASCII-char2-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/img-onerror-non-ASCII-char2-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,2 +1,2 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Cimg+src=%220%22+onerror=%22/%80/%3Balert(document.domain)%22%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/img-onerror-non-ASCII-char2.html&q=%3Cimg+src=%220%22+onerror=%22/%80/%3Balert(document.domain)%22%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorimgonerrornonASCIIchar2html"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/img-onerror-non-ASCII-char2.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/img-onerror-non-ASCII-char2.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/img-onerror-non-ASCII-char2.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -9,7 +9,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Cimg+src=%220%22+onerror=%22/%80/%3Balert(document.domain)%22%3E">
</del><ins>+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/img-onerror-non-ASCII-char2.html&q=%3Cimg+src=%220%22+onerror=%22/%80/%3Balert(document.domain)%22%3E">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorimgonerrortrickyhtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/img-onerror-tricky.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/img-onerror-tricky.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/img-onerror-tricky.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -9,7 +9,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Cimg%20src=1%20'onerror=alert(String.fromCharCode(0x58,0x53,0x53))%3E">
</del><ins>+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/img-onerror-tricky.html&q=%3Cimg%20src=1%20'onerror=alert(String.fromCharCode(0x58,0x53,0x53))%3E">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorimgtagwithcommaexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/img-tag-with-comma-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/img-tag-with-comma-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/img-tag-with-comma-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,3 +1,3 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?clutter=,&q=%3cimg%20src=x%20onerror=%22[]&q2=alert(1)%22%3c' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/img-tag-with-comma.html&clutter=,&q=%3cimg%20src=x%20onerror=%22[]&q2=alert(1)%22%3c' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span><span class="cx"> Test that the XSSAuditor catches the specific case where the IIS webserver resovles multiply occuring query parameters by concatenating them before passing the result to the application. Conceptually, its as if ?a=1&a=2 becomes ?a=1,2. The test passes if the XSSAuditor logs console messages and no alerts fire.
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorimgtagwithcommahtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/img-tag-with-comma.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/img-tag-with-comma.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/img-tag-with-comma.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -9,7 +9,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>- <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?clutter=,&q=%3cimg%20src=x%20onerror=%22[]&q2=alert(1)%22%3c"></iframe>
</del><ins>+ <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/img-tag-with-comma.html&clutter=,&q=%3cimg%20src=x%20onerror=%22[]&q2=alert(1)%22%3c"></iframe>
</ins><span class="cx"> <p>Test that the XSSAuditor catches the specific case where the IIS webserver resovles multiply occuring query parameters by
</span><span class="cx"> concatenating them before passing the result to the application. Conceptually, its as if ?a=1&a=2 becomes ?a=1,2. The test
</span><span class="cx"> passes if the XSSAuditor logs console messages and no alerts fire.</p>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorinlineeventHTMLentitiesexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/inline-event-HTML-entities-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/inline-event-HTML-entities-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/inline-event-HTML-entities-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,2 +1,2 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Cimg%20src=1%20onerror=%26%2397%26%23108%26%23101%26%23114%26%23116%26%2340%26%2349%26%2341%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/inline-event-HTML-entities.html&q=%3Cimg%20src=1%20onerror=%26%2397%26%23108%26%23101%26%23114%26%23116%26%2340%26%2349%26%2341%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorinlineeventHTMLentitieshtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/inline-event-HTML-entities.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/inline-event-HTML-entities.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/inline-event-HTML-entities.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -9,7 +9,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src='http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Cimg%20src=1%20onerror=%26%2397%26%23108%26%23101%26%23114%26%23116%26%2340%26%2349%26%2341%3E'>
</del><ins>+<iframe src='http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/inline-event-HTML-entities.html&q=%3Cimg%20src=1%20onerror=%26%2397%26%23108%26%23101%26%23114%26%23116%26%2340%26%2349%26%2341%3E'>
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorlinkonclickampersandexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/link-onclick-ampersand-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/link-onclick-ampersand-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/link-onclick-ampersand-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,2 +1,2 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Ca%20onclick='alert(1%261)'%3EClick%3C/a%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/link-onclick-ampersand.html&q=%3Ca%20onclick='alert(1%261)'%3EClick%3C/a%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorlinkonclickampersandhtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/link-onclick-ampersand.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/link-onclick-ampersand.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/link-onclick-ampersand.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -9,7 +9,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<a%20onclick='alert(1%261)'>Click</a>">
</del><ins>+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/link-onclick-ampersand.html&q=<a%20onclick='alert(1%261)'>Click</a>">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorlinkonclickcontrolcharexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/link-onclick-control-char-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/link-onclick-control-char-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/link-onclick-control-char-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,2 +1,2 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Ca%20onclick='al%05ert(0)'%3EClick%3C/a%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/link-onclick-control-char.html&q=%3Ca%20onclick='al%05ert(0)'%3EClick%3C/a%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorlinkonclickcontrolcharhtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/link-onclick-control-char.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/link-onclick-control-char.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/link-onclick-control-char.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -9,7 +9,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<a%20onclick='al%05ert(0)'>Click</a>">
</del><ins>+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/link-onclick-control-char.html&q=<a%20onclick='al%05ert(0)'>Click</a>">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorlinkonclickentitiesexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/link-onclick-entities-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/link-onclick-entities-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/link-onclick-entities-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,2 +1,2 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Ca%20href='about:blank'%20onclick='alert(String.fromCharCode(0x58,0x53,0x53))//%26amp%3Bcopy%3B'%3EClick%3C/a%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/link-onclick-entities.html&q=%3Ca%20href='about:blank'%20onclick='alert(String.fromCharCode(0x58,0x53,0x53))//%26amp%3Bcopy%3B'%3EClick%3C/a%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorlinkonclickentitieshtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/link-onclick-entities.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/link-onclick-entities.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/link-onclick-entities.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -9,7 +9,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<a%20href='about:blank'%20onclick='alert(String.fromCharCode(0x58,0x53,0x53))//%26amp%3Bcopy%3B'>Click</a>">
</del><ins>+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/link-onclick-entities.html&q=<a%20href='about:blank'%20onclick='alert(String.fromCharCode(0x58,0x53,0x53))//%26amp%3Bcopy%3B'>Click</a>">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorlinkonclickexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/link-onclick-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/link-onclick-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/link-onclick-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,2 +1,2 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Ca%20onclick='alert(String.fromCharCode(0x58,0x53,0x53))'%3EClick%3C/a%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/link-onclick.html&q=%3Ca%20onclick='alert(String.fromCharCode(0x58,0x53,0x53))'%3EClick%3C/a%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorlinkonclicknullcharexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/link-onclick-null-char-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/link-onclick-null-char-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/link-onclick-null-char-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,2 +1,2 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Ca%20onclick='al%00ert(0)'%3EClick%3C/a%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/link-onclick-null-char.html&q=%3Ca%20onclick='al%00ert(0)'%3EClick%3C/a%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorlinkonclicknullcharhtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/link-onclick-null-char.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/link-onclick-null-char.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/link-onclick-null-char.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -9,7 +9,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<a%20onclick='al%00ert(0)'>Click</a>">
</del><ins>+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/link-onclick-null-char.html&q=<a%20onclick='al%00ert(0)'>Click</a>">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorlinkonclickhtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/link-onclick.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/link-onclick.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/link-onclick.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -9,7 +9,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<a%20onclick='alert(String.fromCharCode(0x58,0x53,0x53))'>Click</a>">
</del><ins>+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/link-onclick.html&q=<a%20onclick='alert(String.fromCharCode(0x58,0x53,0x53))'>Click</a>">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorlinkopensnewwindowexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/link-opens-new-window-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/link-opens-new-window-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/link-opens-new-window-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,2 +1,2 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?notifyDone=1&q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/link-opens-new-window.html&notifyDone=1&q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx"> Click me
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorlinkopensnewwindowhtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/link-opens-new-window.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/link-opens-new-window.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/link-opens-new-window.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -19,6 +19,6 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<a id="anchorLink" href="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?notifyDone=1&q=<script>alert(String.fromCharCode(0x58,0x53,0x53))</script>" target="_blank">Click me</a>
</del><ins>+<a id="anchorLink" href="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/link-opens-new-window.html&notifyDone=1&q=<script>alert(String.fromCharCode(0x58,0x53,0x53))</script>" target="_blank">Click me</a>
</ins><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditormalformedHTMLexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/malformed-HTML-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/malformed-HTML-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/malformed-HTML-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,4 +1,4 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Ca%3Cimg/src/onerror=alert(1)//%3C' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/malformed-HTML.html&q=%3Ca%3Cimg/src/onerror=alert(1)//%3C' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span><span class="cx">
</span><span class="cx"> --------
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditormalformedHTMLhtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/malformed-HTML.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/malformed-HTML.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/malformed-HTML.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -10,7 +10,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src='http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Ca%3Cimg/src/onerror=alert(1)//%3C'>
</del><ins>+<iframe src='http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/malformed-HTML.html&q=%3Ca%3Cimg/src/onerror=alert(1)//%3C'>
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditormalformedxssprotectionheader1expectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-1-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-1-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-1-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> CONSOLE MESSAGE: line 1: Error parsing header X-XSS-Protection: 12345678901234567: expected semicolon at character position 2. The default protections will be applied.
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?notifyDone=1&malformed-header=1&q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E%3Cp%3EIf%20you%20see%20this%20message%20and%20no%20JavaScript%20alert()%20then%20the%20test%20PASSED.%3C/p%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/malformed-xss-protection-header-1.html&notifyDone=1&malformed-header=1&q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E%3Cp%3EIf%20you%20see%20this%20message%20and%20no%20JavaScript%20alert()%20then%20the%20test%20PASSED.%3C/p%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx"> This tests that a malformed X-XSS-Protection header is not ignored when the length of its value exceeds 16 characters, and that an error is reported.
</span><span class="cx">
</span><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditormalformedxssprotectionheader1html"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-1.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-1.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-1.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -13,7 +13,7 @@
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><span class="cx"> <p>This tests that a malformed X-XSS-Protection header is not ignored when the length of its value exceeds <a href="https://bugs.webkit.org/show_bug.cgi?id=27312#c13">16 characters, and that an error is reported.</a></p>
</span><del>-<iframe id="frame" onload="checkIfFrameLocationMatchesSrcAndCallDone('frame')" src="http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?notifyDone=1&malformed-header=1&q=<script>alert(String.fromCharCode(0x58,0x53,0x53))</script><p>If you see this message and no JavaScript alert() then the test PASSED.</p>">
</del><ins>+<iframe id="frame" onload="checkIfFrameLocationMatchesSrcAndCallDone('frame')" src="http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/malformed-xss-protection-header-1.html&notifyDone=1&malformed-header=1&q=<script>alert(String.fromCharCode(0x58,0x53,0x53))</script><p>If you see this message and no JavaScript alert() then the test PASSED.</p>">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditormalformedxssprotectionheader2expectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-2-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-2-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-2-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> CONSOLE MESSAGE: line 1: Error parsing header X-XSS-Protection: red: expected 0 or 1 at character position 0. The default protections will be applied.
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?notifyDone=1&malformed-header=2&q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E%3Cp%3EIf%20you%20see%20this%20message%20and%20no%20JavaScript%20alert()%20then%20the%20test%20PASSED.%3C/p%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/malformed-xss-protection-header-2.html&notifyDone=1&malformed-header=2&q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E%3Cp%3EIf%20you%20see%20this%20message%20and%20no%20JavaScript%20alert()%20then%20the%20test%20PASSED.%3C/p%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx"> This tests that the X-XSS-Protection header is not ignored when the first character is not 0 or 1, and that we issue an error.
</span><span class="cx">
</span><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditormalformedxssprotectionheader2html"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-2.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-2.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-2.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -13,7 +13,7 @@
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><span class="cx"> <p>This tests that the X-XSS-Protection header is not ignored when the first character is not 0 or 1, and that we issue an error.</p>
</span><del>-<iframe id="frame" onload="checkIfFrameLocationMatchesSrcAndCallDone('frame')" src="http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?notifyDone=1&malformed-header=2&q=<script>alert(String.fromCharCode(0x58,0x53,0x53))</script><p>If you see this message and no JavaScript alert() then the test PASSED.</p>">
</del><ins>+<iframe id="frame" onload="checkIfFrameLocationMatchesSrcAndCallDone('frame')" src="http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/malformed-xss-protection-header-2.html&notifyDone=1&malformed-header=2&q=<script>alert(String.fromCharCode(0x58,0x53,0x53))</script><p>If you see this message and no JavaScript alert() then the test PASSED.</p>">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditormalformedxssprotectionheader3expectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-3-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-3-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-3-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> CONSOLE MESSAGE: line 1: Error parsing header X-XSS-Protection: 1; mode=purple: invalid mode directive at character position 8. The default protections will be applied.
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?notifyDone=1&malformed-header=3&q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E%3Cp%3EIf%20you%20see%20this%20message%20and%20no%20JavaScript%20alert()%20then%20the%20test%20PASSED.%3C/p%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/malformed-xss-protection-header-3.html&notifyDone=1&malformed-header=3&q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E%3Cp%3EIf%20you%20see%20this%20message%20and%20no%20JavaScript%20alert()%20then%20the%20test%20PASSED.%3C/p%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx"> This tests that a malformed X-XSS-Protection header is not ignored and an error is reported when the mode= token is invalid.
</span><span class="cx">
</span><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditormalformedxssprotectionheader3html"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-3.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-3.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-3.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -13,7 +13,7 @@
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><span class="cx"> <p>This tests that a malformed X-XSS-Protection header is not ignored and an error is reported when the mode= token is invalid.</p>
</span><del>-<iframe id="frame" onload="checkIfFrameLocationMatchesSrcAndCallDone('frame')" src="http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?notifyDone=1&malformed-header=3&q=<script>alert(String.fromCharCode(0x58,0x53,0x53))</script><p>If you see this message and no JavaScript alert() then the test PASSED.</p>">
</del><ins>+<iframe id="frame" onload="checkIfFrameLocationMatchesSrcAndCallDone('frame')" src="http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/malformed-xss-protection-header-3.html&notifyDone=1&malformed-header=3&q=<script>alert(String.fromCharCode(0x58,0x53,0x53))</script><p>If you see this message and no JavaScript alert() then the test PASSED.</p>">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditormalformedxssprotectionheader4expectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-4-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-4-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-4-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> CONSOLE MESSAGE: line 1: Error parsing header X-XSS-Protection: 1; mode=block-a-block-block: expected semicolon at character position 14. The default protections will be applied.
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?notifyDone=1&malformed-header=4&q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E%3Cp%3EIf%20you%20see%20this%20message%20and%20no%20JavaScript%20alert()%20then%20the%20test%20PASSED.%3C/p%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/malformed-xss-protection-header-4.html&notifyDone=1&malformed-header=4&q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E%3Cp%3EIf%20you%20see%20this%20message%20and%20no%20JavaScript%20alert()%20then%20the%20test%20PASSED.%3C/p%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx"> This tests that the X-XSS-Protection header is not ignored when there is a trailing garbage after mode=block, and we issue an error
</span><span class="cx">
</span><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditormalformedxssprotectionheader4html"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-4.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-4.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-4.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -13,7 +13,7 @@
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><span class="cx"> <p>This tests that the X-XSS-Protection header is not ignored when there is a trailing garbage after mode=block, and we issue an error</p>
</span><del>-<iframe id="frame" onload="checkIfFrameLocationMatchesSrcAndCallDone('frame')" src="http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?notifyDone=1&malformed-header=4&q=<script>alert(String.fromCharCode(0x58,0x53,0x53))</script><p>If you see this message and no JavaScript alert() then the test PASSED.</p>">
</del><ins>+<iframe id="frame" onload="checkIfFrameLocationMatchesSrcAndCallDone('frame')" src="http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/malformed-xss-protection-header-4.html&notifyDone=1&malformed-header=4&q=<script>alert(String.fromCharCode(0x58,0x53,0x53))</script><p>If you see this message and no JavaScript alert() then the test PASSED.</p>">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditormalformedxssprotectionheader5expectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-5-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-5-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-5-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> CONSOLE MESSAGE: line 1: Error parsing header X-XSS-Protection: 1; mode=block; report: expected equals sign at character position 21. The default protections will be applied.
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?notifyDone=1&malformed-header=5&q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E%3Cp%3EIf%20you%20see%20this%20message%20and%20no%20JavaScript%20alert()%20then%20the%20test%20PASSED.%3C/p%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/malformed-xss-protection-header-5.html&notifyDone=1&malformed-header=5&q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E%3Cp%3EIf%20you%20see%20this%20message%20and%20no%20JavaScript%20alert()%20then%20the%20test%20PASSED.%3C/p%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx"> This tests that the X-XSS-Protection header is not ignored when there is an incomplete report url following mode=block, and we issue an error
</span><span class="cx">
</span><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditormalformedxssprotectionheader5html"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-5.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-5.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-5.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -13,7 +13,7 @@
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><span class="cx"> <p>This tests that the X-XSS-Protection header is not ignored when there is an incomplete report url following mode=block, and we issue an error</p>
</span><del>-<iframe id="frame" onload="checkIfFrameLocationMatchesSrcAndCallDone('frame')" src="http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?notifyDone=1&malformed-header=5&q=<script>alert(String.fromCharCode(0x58,0x53,0x53))</script><p>If you see this message and no JavaScript alert() then the test PASSED.</p>">
</del><ins>+<iframe id="frame" onload="checkIfFrameLocationMatchesSrcAndCallDone('frame')" src="http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/malformed-xss-protection-header-5.html&notifyDone=1&malformed-header=5&q=<script>alert(String.fromCharCode(0x58,0x53,0x53))</script><p>If you see this message and no JavaScript alert() then the test PASSED.</p>">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditormalformedxssprotectionheader6expectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-6-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-6-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-6-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> CONSOLE MESSAGE: line 1: Error parsing header X-XSS-Protection: 1; report= ;: invalid report directive at character position 11. The default protections will be applied.
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?notifyDone=1&malformed-header=6&q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E%3Cp%3EIf%20you%20see%20this%20message%20and%20no%20JavaScript%20alert()%20then%20the%20test%20PASSED.%3C/p%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/malformed-xss-protection-header-6.html&notifyDone=1&malformed-header=6&q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E%3Cp%3EIf%20you%20see%20this%20message%20and%20no%20JavaScript%20alert()%20then%20the%20test%20PASSED.%3C/p%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx"> This tests that the X-XSS-Protection header is not ignored when there is an incomplete report directive, and we issue an error
</span><span class="cx">
</span><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditormalformedxssprotectionheader6html"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-6.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-6.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-6.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -13,7 +13,7 @@
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><span class="cx"> <p>This tests that the X-XSS-Protection header is not ignored when there is an incomplete report directive, and we issue an error</p>
</span><del>-<iframe id="frame" onload="checkIfFrameLocationMatchesSrcAndCallDone('frame')" src="http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?notifyDone=1&malformed-header=6&q=<script>alert(String.fromCharCode(0x58,0x53,0x53))</script><p>If you see this message and no JavaScript alert() then the test PASSED.</p>">
</del><ins>+<iframe id="frame" onload="checkIfFrameLocationMatchesSrcAndCallDone('frame')" src="http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/malformed-xss-protection-header-6.html&notifyDone=1&malformed-header=6&q=<script>alert(String.fromCharCode(0x58,0x53,0x53))</script><p>If you see this message and no JavaScript alert() then the test PASSED.</p>">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditormalformedxssprotectionheader7expectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-7-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-7-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-7-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> CONSOLE MESSAGE: line 1: Error parsing header X-XSS-Protection: 1; red: unrecognized directive at character position 3. The default protections will be applied.
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?notifyDone=1&malformed-header=7&q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E%3Cp%3EIf%20you%20see%20this%20message%20and%20no%20JavaScript%20alert()%20then%20the%20test%20PASSED.%3C/p%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/malformed-xss-protection-header-7.html&notifyDone=1&malformed-header=7&q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E%3Cp%3EIf%20you%20see%20this%20message%20and%20no%20JavaScript%20alert()%20then%20the%20test%20PASSED.%3C/p%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx"> This tests that the X-XSS-Protection header is not ignored when there is an invalid directive, and we issue an error
</span><span class="cx">
</span><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditormalformedxssprotectionheader7html"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-7.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-7.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-7.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -13,7 +13,7 @@
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><span class="cx"> <p>This tests that the X-XSS-Protection header is not ignored when there is an invalid directive, and we issue an error</p>
</span><del>-<iframe id="frame" onload="checkIfFrameLocationMatchesSrcAndCallDone('frame')" src="http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?notifyDone=1&malformed-header=7&q=<script>alert(String.fromCharCode(0x58,0x53,0x53))</script><p>If you see this message and no JavaScript alert() then the test PASSED.</p>">
</del><ins>+<iframe id="frame" onload="checkIfFrameLocationMatchesSrcAndCallDone('frame')" src="http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/malformed-xss-protection-header-7.html&notifyDone=1&malformed-header=7&q=<script>alert(String.fromCharCode(0x58,0x53,0x53))</script><p>If you see this message and no JavaScript alert() then the test PASSED.</p>">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditormalformedxssprotectionheader8expectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-8-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-8-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-8-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> CONSOLE MESSAGE: line 1: Error parsing header X-XSS-Protection: 1; mode=block; report=/fail; mode=block;: duplicate mode directive at character position 33. The default protections will be applied.
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?notifyDone=1&malformed-header=8&q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E%3Cp%3EIf%20you%20see%20this%20message%20and%20no%20JavaScript%20alert()%20then%20the%20test%20PASSED.%3C/p%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/malformed-xss-protection-header-8.html&notifyDone=1&malformed-header=8&q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E%3Cp%3EIf%20you%20see%20this%20message%20and%20no%20JavaScript%20alert()%20then%20the%20test%20PASSED.%3C/p%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx"> This tests that the X-XSS-Protection header is not ignored when there is an duplicate mode directive, and we issue an error
</span><span class="cx">
</span><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditormalformedxssprotectionheader8html"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-8.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-8.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-8.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -13,7 +13,7 @@
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><span class="cx"> <p>This tests that the X-XSS-Protection header is not ignored when there is an duplicate mode directive, and we issue an error</p>
</span><del>-<iframe id="frame" onload="checkIfFrameLocationMatchesSrcAndCallDone('frame')" src="http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?notifyDone=1&malformed-header=8&q=<script>alert(String.fromCharCode(0x58,0x53,0x53))</script><p>If you see this message and no JavaScript alert() then the test PASSED.</p>">
</del><ins>+<iframe id="frame" onload="checkIfFrameLocationMatchesSrcAndCallDone('frame')" src="http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/malformed-xss-protection-header-8.html&notifyDone=1&malformed-header=8&q=<script>alert(String.fromCharCode(0x58,0x53,0x53))</script><p>If you see this message and no JavaScript alert() then the test PASSED.</p>">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditormalformedxssprotectionheader9expectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-9-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-9-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-9-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> CONSOLE MESSAGE: line 1: Error parsing header X-XSS-Protection: 1; mode=block; report=/fail; report=/fail;: duplicate report directive at character position 35. The default protections will be applied.
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?notifyDone=1&malformed-header=9&q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E%3Cp%3EIf%20you%20see%20this%20message%20and%20no%20JavaScript%20alert()%20then%20the%20test%20PASSED.%3C/p%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/malformed-xss-protection-header-9.html&notifyDone=1&malformed-header=9&q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E%3Cp%3EIf%20you%20see%20this%20message%20and%20no%20JavaScript%20alert()%20then%20the%20test%20PASSED.%3C/p%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx"> This tests that the X-XSS-Protection header is not ignored when there is a duplicate report directive, and we issue an error
</span><span class="cx">
</span><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditormalformedxssprotectionheader9html"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-9.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-9.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/malformed-xss-protection-header-9.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -13,7 +13,7 @@
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><span class="cx"> <p>This tests that the X-XSS-Protection header is not ignored when there is a duplicate report directive, and we issue an error</p>
</span><del>-<iframe id="frame" onload="checkIfFrameLocationMatchesSrcAndCallDone('frame')" src="http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?notifyDone=1&malformed-header=9&q=<script>alert(String.fromCharCode(0x58,0x53,0x53))</script><p>If you see this message and no JavaScript alert() then the test PASSED.</p>">
</del><ins>+<iframe id="frame" onload="checkIfFrameLocationMatchesSrcAndCallDone('frame')" src="http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/malformed-xss-protection-header-9.html&notifyDone=1&malformed-header=9&q=<script>alert(String.fromCharCode(0x58,0x53,0x53))</script><p>If you see this message and no JavaScript alert() then the test PASSED.</p>">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditornoprotectionscripttaghtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/no-protection-script-tag.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/no-protection-script-tag.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/no-protection-script-tag.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -11,7 +11,7 @@
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><span class="cx"> <p>This script should run because XSS protection is disabled.</p>
</span><del>-<iframe id="frame" src="http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?disable-protection=1&q=<script>alert(/PASS/)</script>">
</del><ins>+<iframe id="frame" src="http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/no-protection-script-tag.html&disable-protection=1&q=<script>alert(/PASS/)</script>">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorobjectembedtagcontrolcharexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/object-embed-tag-control-char-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/object-embed-tag-control-char-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/object-embed-tag-control-char-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,4 +1,4 @@
</span><del>-CONSOLE MESSAGE: line 9: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?relay-target-ids-for-event=beforeload&q=%3Cobject%20id='object'%20name='plugin'%20type='application/x-webkit-test-netscape'%3E%3Cparam%20name='movie'%20value='http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf%05'%20/%3E%3Cembed%20id='embed'%20name='plugin'%20type='application/x-webkit-test-netscape'%20src='http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf%05'%20/%3E%3C/object%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
-CONSOLE MESSAGE: line 9: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?relay-target-ids-for-event=beforeload&q=%3Cobject%20id='object'%20name='plugin'%20type='application/x-webkit-test-netscape'%3E%3Cparam%20name='movie'%20value='http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf%05'%20/%3E%3Cembed%20id='embed'%20name='plugin'%20type='application/x-webkit-test-netscape'%20src='http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf%05'%20/%3E%3C/object%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
-CONSOLE MESSAGE: line 9: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?relay-target-ids-for-event=beforeload&q=%3Cobject%20id='object'%20name='plugin'%20type='application/x-webkit-test-netscape'%3E%3Cparam%20name='movie'%20value='http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf%05'%20/%3E%3Cembed%20id='embed'%20name='plugin'%20type='application/x-webkit-test-netscape'%20src='http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf%05'%20/%3E%3C/object%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 9: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/object-embed-tag-control-char.html&relay-target-ids-for-event=beforeload&q=%3Cobject%20id='object'%20name='plugin'%20type='application/x-webkit-test-netscape'%3E%3Cparam%20name='movie'%20value='http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf%05'%20/%3E%3Cembed%20id='embed'%20name='plugin'%20type='application/x-webkit-test-netscape'%20src='http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf%05'%20/%3E%3C/object%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
+CONSOLE MESSAGE: line 9: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/object-embed-tag-control-char.html&relay-target-ids-for-event=beforeload&q=%3Cobject%20id='object'%20name='plugin'%20type='application/x-webkit-test-netscape'%3E%3Cparam%20name='movie'%20value='http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf%05'%20/%3E%3Cembed%20id='embed'%20name='plugin'%20type='application/x-webkit-test-netscape'%20src='http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf%05'%20/%3E%3C/object%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
+CONSOLE MESSAGE: line 9: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/object-embed-tag-control-char.html&relay-target-ids-for-event=beforeload&q=%3Cobject%20id='object'%20name='plugin'%20type='application/x-webkit-test-netscape'%3E%3Cparam%20name='movie'%20value='http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf%05'%20/%3E%3Cembed%20id='embed'%20name='plugin'%20type='application/x-webkit-test-netscape'%20src='http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf%05'%20/%3E%3C/object%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorobjectembedtagcontrolcharhtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/object-embed-tag-control-char.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/object-embed-tag-control-char.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/object-embed-tag-control-char.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -12,7 +12,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?relay-target-ids-for-event=beforeload&q=<object id='object' name='plugin' type='application/x-webkit-test-netscape'><param name='movie' value='http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf%05' /><embed id='embed' name='plugin' type='application/x-webkit-test-netscape' src='http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf%05' /></object>">
</del><ins>+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/object-embed-tag-control-char.html&relay-target-ids-for-event=beforeload&q=<object id='object' name='plugin' type='application/x-webkit-test-netscape'><param name='movie' value='http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf%05' /><embed id='embed' name='plugin' type='application/x-webkit-test-netscape' src='http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf%05' /></object>">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorobjectembedtagexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/object-embed-tag-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/object-embed-tag-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/object-embed-tag-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,4 +1,4 @@
</span><del>-CONSOLE MESSAGE: line 9: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?relay-target-ids-for-event=beforeload&q=%3Cobject%20id='object'%20name='plugin'%20type='application/x-webkit-test-netscape'%3E%3Cparam%20name='movie'%20value='http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf'%20/%3E%3Cembed%20id='embed'%20name='plugin'%20type='application/x-webkit-test-netscape'%20src='http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf'%20/%3E%3C/object%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
-CONSOLE MESSAGE: line 9: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?relay-target-ids-for-event=beforeload&q=%3Cobject%20id='object'%20name='plugin'%20type='application/x-webkit-test-netscape'%3E%3Cparam%20name='movie'%20value='http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf'%20/%3E%3Cembed%20id='embed'%20name='plugin'%20type='application/x-webkit-test-netscape'%20src='http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf'%20/%3E%3C/object%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
-CONSOLE MESSAGE: line 9: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?relay-target-ids-for-event=beforeload&q=%3Cobject%20id='object'%20name='plugin'%20type='application/x-webkit-test-netscape'%3E%3Cparam%20name='movie'%20value='http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf'%20/%3E%3Cembed%20id='embed'%20name='plugin'%20type='application/x-webkit-test-netscape'%20src='http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf'%20/%3E%3C/object%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 9: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/object-embed-tag.html&relay-target-ids-for-event=beforeload&q=%3Cobject%20id='object'%20name='plugin'%20type='application/x-webkit-test-netscape'%3E%3Cparam%20name='movie'%20value='http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf'%20/%3E%3Cembed%20id='embed'%20name='plugin'%20type='application/x-webkit-test-netscape'%20src='http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf'%20/%3E%3C/object%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
+CONSOLE MESSAGE: line 9: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/object-embed-tag.html&relay-target-ids-for-event=beforeload&q=%3Cobject%20id='object'%20name='plugin'%20type='application/x-webkit-test-netscape'%3E%3Cparam%20name='movie'%20value='http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf'%20/%3E%3Cembed%20id='embed'%20name='plugin'%20type='application/x-webkit-test-netscape'%20src='http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf'%20/%3E%3C/object%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
+CONSOLE MESSAGE: line 9: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/object-embed-tag.html&relay-target-ids-for-event=beforeload&q=%3Cobject%20id='object'%20name='plugin'%20type='application/x-webkit-test-netscape'%3E%3Cparam%20name='movie'%20value='http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf'%20/%3E%3Cembed%20id='embed'%20name='plugin'%20type='application/x-webkit-test-netscape'%20src='http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf'%20/%3E%3C/object%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorobjectembedtagnullcharexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/object-embed-tag-null-char-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/object-embed-tag-null-char-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/object-embed-tag-null-char-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,4 +1,4 @@
</span><del>-CONSOLE MESSAGE: line 9: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?relay-target-ids-for-event=beforeload&q=%3Cobject%20id='object'%20name='plugin'%20type='application/x-webkit-test-netscape'%3E%3Cparam%20name='movie'%20value='http://127.0.0.1:8000/sec%00urity/xssAuditor/resources/dummy.swf'%20/%3E%3Cembed%20id='embed'%20name='plugin'%20type='application/x-webkit-test-netscape'%20src='http://127.0.0.1:8000/sec%00urity/xssAuditor/resources/dummy.swf'%20/%3E%3C/object%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
-CONSOLE MESSAGE: line 9: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?relay-target-ids-for-event=beforeload&q=%3Cobject%20id='object'%20name='plugin'%20type='application/x-webkit-test-netscape'%3E%3Cparam%20name='movie'%20value='http://127.0.0.1:8000/sec%00urity/xssAuditor/resources/dummy.swf'%20/%3E%3Cembed%20id='embed'%20name='plugin'%20type='application/x-webkit-test-netscape'%20src='http://127.0.0.1:8000/sec%00urity/xssAuditor/resources/dummy.swf'%20/%3E%3C/object%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
-CONSOLE MESSAGE: line 9: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?relay-target-ids-for-event=beforeload&q=%3Cobject%20id='object'%20name='plugin'%20type='application/x-webkit-test-netscape'%3E%3Cparam%20name='movie'%20value='http://127.0.0.1:8000/sec%00urity/xssAuditor/resources/dummy.swf'%20/%3E%3Cembed%20id='embed'%20name='plugin'%20type='application/x-webkit-test-netscape'%20src='http://127.0.0.1:8000/sec%00urity/xssAuditor/resources/dummy.swf'%20/%3E%3C/object%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 9: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/object-embed-tag-null-char.html&relay-target-ids-for-event=beforeload&q=%3Cobject%20id='object'%20name='plugin'%20type='application/x-webkit-test-netscape'%3E%3Cparam%20name='movie'%20value='http://127.0.0.1:8000/sec%00urity/xssAuditor/resources/dummy.swf'%20/%3E%3Cembed%20id='embed'%20name='plugin'%20type='application/x-webkit-test-netscape'%20src='http://127.0.0.1:8000/sec%00urity/xssAuditor/resources/dummy.swf'%20/%3E%3C/object%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
+CONSOLE MESSAGE: line 9: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/object-embed-tag-null-char.html&relay-target-ids-for-event=beforeload&q=%3Cobject%20id='object'%20name='plugin'%20type='application/x-webkit-test-netscape'%3E%3Cparam%20name='movie'%20value='http://127.0.0.1:8000/sec%00urity/xssAuditor/resources/dummy.swf'%20/%3E%3Cembed%20id='embed'%20name='plugin'%20type='application/x-webkit-test-netscape'%20src='http://127.0.0.1:8000/sec%00urity/xssAuditor/resources/dummy.swf'%20/%3E%3C/object%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
+CONSOLE MESSAGE: line 9: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/object-embed-tag-null-char.html&relay-target-ids-for-event=beforeload&q=%3Cobject%20id='object'%20name='plugin'%20type='application/x-webkit-test-netscape'%3E%3Cparam%20name='movie'%20value='http://127.0.0.1:8000/sec%00urity/xssAuditor/resources/dummy.swf'%20/%3E%3Cembed%20id='embed'%20name='plugin'%20type='application/x-webkit-test-netscape'%20src='http://127.0.0.1:8000/sec%00urity/xssAuditor/resources/dummy.swf'%20/%3E%3C/object%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorobjectembedtagnullcharhtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/object-embed-tag-null-char.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/object-embed-tag-null-char.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/object-embed-tag-null-char.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -12,7 +12,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?relay-target-ids-for-event=beforeload&q=<object id='object' name='plugin' type='application/x-webkit-test-netscape'><param name='movie' value='http://127.0.0.1:8000/sec%00urity/xssAuditor/resources/dummy.swf' /><embed id='embed' name='plugin' type='application/x-webkit-test-netscape' src='http://127.0.0.1:8000/sec%00urity/xssAuditor/resources/dummy.swf' /></object>">
</del><ins>+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/object-embed-tag-null-char.html&relay-target-ids-for-event=beforeload&q=<object id='object' name='plugin' type='application/x-webkit-test-netscape'><param name='movie' value='http://127.0.0.1:8000/sec%00urity/xssAuditor/resources/dummy.swf' /><embed id='embed' name='plugin' type='application/x-webkit-test-netscape' src='http://127.0.0.1:8000/sec%00urity/xssAuditor/resources/dummy.swf' /></object>">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorobjectembedtaghtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/object-embed-tag.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/object-embed-tag.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/object-embed-tag.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -12,7 +12,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?relay-target-ids-for-event=beforeload&q=<object id='object' name='plugin' type='application/x-webkit-test-netscape'><param name='movie' value='http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf' /><embed id='embed' name='plugin' type='application/x-webkit-test-netscape' src='http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf' /></object>">
</del><ins>+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/object-embed-tag.html&relay-target-ids-for-event=beforeload&q=<object id='object' name='plugin' type='application/x-webkit-test-netscape'><param name='movie' value='http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf' /><embed id='embed' name='plugin' type='application/x-webkit-test-netscape' src='http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf' /></object>">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorobjecttagexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/object-tag-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/object-tag-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/object-tag-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,3 +1,3 @@
</span><del>-CONSOLE MESSAGE: line 9: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?relay-target-ids-for-event=beforeload&q=%3Cobject%20id='object'%20name='plugin'%20type='application/x-webkit-test-netscape'%3E%3Cparam%20name='movie'%20value='http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf'%20/%3E%3C/object%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
-CONSOLE MESSAGE: line 9: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?relay-target-ids-for-event=beforeload&q=%3Cobject%20id='object'%20name='plugin'%20type='application/x-webkit-test-netscape'%3E%3Cparam%20name='movie'%20value='http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf'%20/%3E%3C/object%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 9: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/object-tag.html&relay-target-ids-for-event=beforeload&q=%3Cobject%20id='object'%20name='plugin'%20type='application/x-webkit-test-netscape'%3E%3Cparam%20name='movie'%20value='http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf'%20/%3E%3C/object%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
+CONSOLE MESSAGE: line 9: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/object-tag.html&relay-target-ids-for-event=beforeload&q=%3Cobject%20id='object'%20name='plugin'%20type='application/x-webkit-test-netscape'%3E%3Cparam%20name='movie'%20value='http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf'%20/%3E%3C/object%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorobjecttagjavascripturlexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/object-tag-javascript-url-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/object-tag-javascript-url-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/object-tag-javascript-url-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,2 +1,2 @@
</span><del>-CONSOLE MESSAGE: line 9: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?relay-target-ids-for-event=beforeload&q=%3Cobject%20id='object'%20data='javascript:alert(document.domain)'%3E%3C/object%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 9: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/object-tag-javascript-url.html&relay-target-ids-for-event=beforeload&q=%3Cobject%20id='object'%20data='javascript:alert(document.domain)'%3E%3C/object%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorobjecttagjavascripturlhtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/object-tag-javascript-url.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/object-tag-javascript-url.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/object-tag-javascript-url.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -12,7 +12,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?relay-target-ids-for-event=beforeload&q=<object id='object' data='javascript:alert(document.domain)'></object>">
</del><ins>+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/object-tag-javascript-url.html&relay-target-ids-for-event=beforeload&q=<object id='object' data='javascript:alert(document.domain)'></object>">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorobjecttaghtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/object-tag.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/object-tag.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/object-tag.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -12,7 +12,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?relay-target-ids-for-event=beforeload&q=<object id='object' name='plugin' type='application/x-webkit-test-netscape'><param name='movie' value='http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf' /></object>">
</del><ins>+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/object-tag.html&relay-target-ids-for-event=beforeload&q=<object id='object' name='plugin' type='application/x-webkit-test-netscape'><param name='movie' value='http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf' /></object>">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditoropeneventhandleriframeexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/open-event-handler-iframe-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/open-event-handler-iframe-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/open-event-handler-iframe-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,2 +1,2 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Ciframe%20onload=alert(String.fromCharCode(0x58,0x53,0x53))//' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/open-event-handler-iframe.html&q=%3Ciframe%20onload=alert(String.fromCharCode(0x58,0x53,0x53))//' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditoropeneventhandleriframehtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/open-event-handler-iframe.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/open-event-handler-iframe.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/open-event-handler-iframe.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -9,7 +9,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<iframe%20onload=alert(String.fromCharCode(0x58,0x53,0x53))//">
</del><ins>+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/open-event-handler-iframe.html&q=<iframe%20onload=alert(String.fromCharCode(0x58,0x53,0x53))//">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditoropeniframesrc03expectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/open-iframe-src-03-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/open-iframe-src-03-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/open-iframe-src-03-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,2 +1,2 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Ciframe%20src=%22javascript:alert(1)%3B%e2%80%a8--%3E&clutter=xxx%22%3E%3C/iframe%3E&notifyDone=1' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/open-iframe-src-03.html&q=%3Ciframe%20src=%22javascript:alert(1)%3B%e2%80%a8--%3E&clutter=xxx%22%3E%3C/iframe%3E&notifyDone=1' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditoropeniframesrc03html"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/open-iframe-src-03.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/open-iframe-src-03.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/open-iframe-src-03.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -10,6 +10,6 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>- <iframe src='http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<iframe%20src="javascript:alert(1)%3B%e2%80%a8-->&clutter=xxx"></iframe>&notifyDone=1'></iframe>
</del><ins>+ <iframe src='http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/open-iframe-src-03.html&q=<iframe%20src="javascript:alert(1)%3B%e2%80%a8-->&clutter=xxx"></iframe>&notifyDone=1'></iframe>
</ins><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorpostfromiframehtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/post-from-iframe.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/post-from-iframe.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/post-from-iframe.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -10,7 +10,7 @@
</span><span class="cx"> }
</span><span class="cx"> window.onload = function()
</span><span class="cx"> {
</span><del>- sendRequestFromIFrame("http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl","notifyDone=1&q=<script>alert(String.fromCharCode(0x58,0x53,0x53))<\/script>","POST");
</del><ins>+ sendRequestFromIFrame("http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl","test=/security/xssAuditor/post-from-iframe.html&notifyDone=1&q=<script>alert(String.fromCharCode(0x58,0x53,0x53))<\/script>","POST");
</ins><span class="cx"> };
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorreportscripttagexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/report-script-tag-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/report-script-tag-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/report-script-tag-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,4 +1,4 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?echo-report=1&enable-report=1&q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E%3Cp%3EIf%20you%20see%20this%20message,%20no%20JavaScript%20alert(),%20and%20a%20dump%20of%20the%20report%20below,%20then%20the%20test%20PASSED.%3C/p%3E' because its source code was found within the request. The server sent an 'X-XSS-Protection' header requesting this behavior.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/report-script-tag.html&echo-report=1&enable-report=1&q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E%3Cp%3EIf%20you%20see%20this%20message,%20no%20JavaScript%20alert(),%20and%20a%20dump%20of%20the%20report%20below,%20then%20the%20test%20PASSED.%3C/p%3E' because its source code was found within the request. The server sent an 'X-XSS-Protection' header requesting this behavior.
</ins><span class="cx"> This tests that the X-XSS-Protection reports are sent out properly
</span><span class="cx">
</span><span class="cx">
</span><span class="lines">@@ -8,7 +8,7 @@
</span><span class="cx"> --------
</span><span class="cx"> CSP report received:
</span><span class="cx"> CONTENT_TYPE: application/json
</span><del>-HTTP_REFERER: http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?echo-report=1&enable-report=1&q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E%3Cp%3EIf%20you%20see%20this%20message,%20no%20JavaScript%20alert(),%20and%20a%20dump%20of%20the%20report%20below,%20then%20the%20test%20PASSED.%3C/p%3E
</del><ins>+HTTP_REFERER: http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/report-script-tag.html&echo-report=1&enable-report=1&q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E%3Cp%3EIf%20you%20see%20this%20message,%20no%20JavaScript%20alert(),%20and%20a%20dump%20of%20the%20report%20below,%20then%20the%20test%20PASSED.%3C/p%3E
</ins><span class="cx"> REQUEST_METHOD: POST
</span><span class="cx"> === POST DATA ===
</span><del>-{"xss-report":{"request-url":"http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?echo-report=1&enable-report=1&q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E%3Cp%3EIf%20you%20see%20this%20message,%20no%20JavaScript%20alert(),%20and%20a%20dump%20of%20the%20report%20below,%20then%20the%20test%20PASSED.%3C/p%3E","request-body":""}}
</del><ins>+{"xss-report":{"request-url":"http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/report-script-tag.html&echo-report=1&enable-report=1&q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E%3Cp%3EIf%20you%20see%20this%20message,%20no%20JavaScript%20alert(),%20and%20a%20dump%20of%20the%20report%20below,%20then%20the%20test%20PASSED.%3C/p%3E","request-body":""}}
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorreportscripttagfullblockexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/report-script-tag-full-block-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/report-script-tag-full-block-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/report-script-tag-full-block-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,7 +1,7 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor blocked access to 'http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?enable-full-block-report=1&q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E%3Cp%3EIf%20you%20see%20this%20message,%20no%20JavaScript%20alert(),%20and%20a%20dump%20of%20the%20report%20below,%20then%20the%20test%20PASSED.%3C/p%3E' because the source code of a script was found within the request. The server sent an 'X-XSS-Protection' header requesting this behavior.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor blocked access to 'http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/report-script-tag-full-block.html&enable-full-block-report=1&q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E%3Cp%3EIf%20you%20see%20this%20message,%20no%20JavaScript%20alert(),%20and%20a%20dump%20of%20the%20report%20below,%20then%20the%20test%20PASSED.%3C/p%3E' because the source code of a script was found within the request. The server sent an 'X-XSS-Protection' header requesting this behavior.
</ins><span class="cx"> CSP report received:
</span><span class="cx"> CONTENT_TYPE: application/json
</span><del>-HTTP_REFERER: http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?enable-full-block-report=1&q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E%3Cp%3EIf%20you%20see%20this%20message,%20no%20JavaScript%20alert(),%20and%20a%20dump%20of%20the%20report%20below,%20then%20the%20test%20PASSED.%3C/p%3E
</del><ins>+HTTP_REFERER: http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/report-script-tag-full-block.html&enable-full-block-report=1&q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E%3Cp%3EIf%20you%20see%20this%20message,%20no%20JavaScript%20alert(),%20and%20a%20dump%20of%20the%20report%20below,%20then%20the%20test%20PASSED.%3C/p%3E
</ins><span class="cx"> REQUEST_METHOD: POST
</span><span class="cx"> === POST DATA ===
</span><del>-{"xss-report":{"request-url":"http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?enable-full-block-report=1&q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E%3Cp%3EIf%20you%20see%20this%20message,%20no%20JavaScript%20alert(),%20and%20a%20dump%20of%20the%20report%20below,%20then%20the%20test%20PASSED.%3C/p%3E","request-body":""}}
</del><ins>+{"xss-report":{"request-url":"http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/report-script-tag-full-block.html&enable-full-block-report=1&q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E%3Cp%3EIf%20you%20see%20this%20message,%20no%20JavaScript%20alert(),%20and%20a%20dump%20of%20the%20report%20below,%20then%20the%20test%20PASSED.%3C/p%3E","request-body":""}}
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorreportscripttagfullblockhtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/report-script-tag-full-block.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/report-script-tag-full-block.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/report-script-tag-full-block.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -19,7 +19,7 @@
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><span class="cx"> <p>This tests that the X-XSS-Protection reports are sent out properly</p>
</span><del>-<iframe id="frame" src="http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?enable-full-block-report=1&q=<script>alert(String.fromCharCode(0x58,0x53,0x53))</script><p>If you see this message, no JavaScript alert(), and a dump of the report below, then the test PASSED.</p>" onload="done()">
</del><ins>+<iframe id="frame" src="http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/report-script-tag-full-block.html&enable-full-block-report=1&q=<script>alert(String.fromCharCode(0x58,0x53,0x53))</script><p>If you see this message, no JavaScript alert(), and a dump of the report below, then the test PASSED.</p>" onload="done()">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorreportscripttagreplacestateexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/report-script-tag-replace-state-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/report-script-tag-replace-state-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/report-script-tag-replace-state-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,4 +1,4 @@
</span><del>-CONSOLE MESSAGE: line 5: The XSS Auditor refused to execute a script in 'http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?test=report-script-tag.html&echo-report=1&enable-report=1&replaceState=1&q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E%3Cp%3EIf%20you%20see%20this%20message,%20no%20JavaScript%20alert(),%20and%20a%20dump%20of%20the%20report%20below,%20then%20the%20test%20PASSED.%3C/p%3E' because its source code was found within the request. The server sent an 'X-XSS-Protection' header requesting this behavior.
</del><ins>+CONSOLE MESSAGE: line 5: The XSS Auditor refused to execute a script in 'http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/report-script-tag-replace-state.html&test=report-script-tag.html&echo-report=1&enable-report=1&replaceState=1&q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E%3Cp%3EIf%20you%20see%20this%20message,%20no%20JavaScript%20alert(),%20and%20a%20dump%20of%20the%20report%20below,%20then%20the%20test%20PASSED.%3C/p%3E' because its source code was found within the request. The server sent an 'X-XSS-Protection' header requesting this behavior.
</ins><span class="cx"> This tests that the X-XSS-Protection reports are sent out properly with the original, unmodified URL even when a history.replaceState() changes it.
</span><span class="cx">
</span><span class="cx">
</span><span class="lines">@@ -8,7 +8,7 @@
</span><span class="cx"> --------
</span><span class="cx"> CSP report received:
</span><span class="cx"> CONTENT_TYPE: application/json
</span><del>-HTTP_REFERER: http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?test=report-script-tag.html&echo-report=1&enable-report=1&replaceState=1&q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E%3Cp%3EIf%20you%20see%20this%20message,%20no%20JavaScript%20alert(),%20and%20a%20dump%20of%20the%20report%20below,%20then%20the%20test%20PASSED.%3C/p%3E
</del><ins>+HTTP_REFERER: http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/report-script-tag-replace-state.html&test=report-script-tag.html&echo-report=1&enable-report=1&replaceState=1&q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E%3Cp%3EIf%20you%20see%20this%20message,%20no%20JavaScript%20alert(),%20and%20a%20dump%20of%20the%20report%20below,%20then%20the%20test%20PASSED.%3C/p%3E
</ins><span class="cx"> REQUEST_METHOD: POST
</span><span class="cx"> === POST DATA ===
</span><del>-{"xss-report":{"request-url":"http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?test=report-script-tag.html&echo-report=1&enable-report=1&replaceState=1&q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E%3Cp%3EIf%20you%20see%20this%20message,%20no%20JavaScript%20alert(),%20and%20a%20dump%20of%20the%20report%20below,%20then%20the%20test%20PASSED.%3C/p%3E","request-body":""}}
</del><ins>+{"xss-report":{"request-url":"http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/report-script-tag-replace-state.html&test=report-script-tag.html&echo-report=1&enable-report=1&replaceState=1&q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E%3Cp%3EIf%20you%20see%20this%20message,%20no%20JavaScript%20alert(),%20and%20a%20dump%20of%20the%20report%20below,%20then%20the%20test%20PASSED.%3C/p%3E","request-body":""}}
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorreportscripttagreplacestatehtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/report-script-tag-replace-state.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/report-script-tag-replace-state.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/report-script-tag-replace-state.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -14,7 +14,7 @@
</span><span class="cx"> <body>
</span><span class="cx"> <p>This tests that the X-XSS-Protection reports are sent out properly with
</span><span class="cx"> the original, unmodified URL even when a history.replaceState() changes it.</p>
</span><del>-<iframe id="frame" src="http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?test=report-script-tag.html&echo-report=1&enable-report=1&replaceState=1&q=<script>alert(String.fromCharCode(0x58,0x53,0x53))</script><p>If you see this message, no JavaScript alert(), and a dump of the report below, then the test PASSED.</p>">
</del><ins>+<iframe id="frame" src="http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/report-script-tag-replace-state.html&test=report-script-tag.html&echo-report=1&enable-report=1&replaceState=1&q=<script>alert(String.fromCharCode(0x58,0x53,0x53))</script><p>If you see this message, no JavaScript alert(), and a dump of the report below, then the test PASSED.</p>">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorreportscripttaghtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/report-script-tag.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/report-script-tag.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/report-script-tag.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -13,7 +13,7 @@
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><span class="cx"> <p>This tests that the X-XSS-Protection reports are sent out properly</p>
</span><del>-<iframe id="frame" src="http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?echo-report=1&enable-report=1&q=<script>alert(String.fromCharCode(0x58,0x53,0x53))</script><p>If you see this message, no JavaScript alert(), and a dump of the report below, then the test PASSED.</p>">
</del><ins>+<iframe id="frame" src="http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/report-script-tag.html&echo-report=1&enable-report=1&q=<script>alert(String.fromCharCode(0x58,0x53,0x53))</script><p>If you see this message, no JavaScript alert(), and a dump of the report below, then the test PASSED.</p>">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorresourcesechointertagpl"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/resources/echo-intertag.pl (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/resources/echo-intertag.pl 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/resources/echo-intertag.pl 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -14,10 +14,10 @@
</span><span class="cx"> print "X-XSS-Protection: 1; mode=block\n";
</span><span class="cx"> }
</span><span class="cx"> if ($cgi->param('enable-report')) {
</span><del>- print "X-XSS-Protection: 1; report=/security/contentSecurityPolicy/resources/save-report.php\n";
</del><ins>+ print "X-XSS-Protection: 1; report=/security/contentSecurityPolicy/resources/save-report.php?test=" . $cgi->param('test') . "\n";
</ins><span class="cx"> }
</span><span class="cx"> if ($cgi->param('enable-full-block-report')) {
</span><del>- print "X-XSS-Protection: 1; mode=block; report=/security/contentSecurityPolicy/resources/save-report.php\n";
</del><ins>+ print "X-XSS-Protection: 1; mode=block; report=/security/contentSecurityPolicy/resources/save-report.php?test=" . $cgi->param('test') . "\n";
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> if ($cgi->param('valid-header')) {
</span><span class="lines">@@ -143,7 +143,7 @@
</span><span class="cx"> print "<script>if (/xssAuditorTestCookie/.test(document.cookie)) { alert('FAIL: ' + document.cookie); document.cookie = 'xssAuditorTestCookie=remove; max-age=-1'; } else alert('PASS');</script>\n";
</span><span class="cx"> }
</span><span class="cx"> if ($cgi->param('echo-report')) {
</span><del>- print "<script src=/security/contentSecurityPolicy/resources/go-to-echo-report.js></script>\n";
</del><ins>+ print "<script src=/security/contentSecurityPolicy/resources/go-to-echo-report.php?test=" . $cgi->param('test') . "></script>\n";
</ins><span class="cx"> }
</span><span class="cx"> if ($cgi->param('inHead')) {
</span><span class="cx"> print "</head>\n";
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagBig5charexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-Big5-char-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-Big5-char-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-Big5-char-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,2 +1,2 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?charset=Big5&q=%3Cscript%20%89g%3Ealert(location)%3C/script%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-Big5-char.html&charset=Big5&q=%3Cscript%20%89g%3Ealert(location)%3C/script%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagBig5chartwiceurlencodeexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-Big5-char-twice-url-encode-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-Big5-char-twice-url-encode-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-Big5-char-twice-url-encode-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,2 +1,2 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?charset=Big5&q=%3Cscript%3Ealert(/XS%2581SS/)%3C/script%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-Big5-char-twice-url-encode.html&charset=Big5&q=%3Cscript%3Ealert(/XS%2581SS/)%3C/script%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagBig5chartwiceurlencodehtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-Big5-char-twice-url-encode.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-Big5-char-twice-url-encode.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-Big5-char-twice-url-encode.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -9,7 +9,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?charset=Big5&q=<script>alert(/XS%2581SS/)</script>">
</del><ins>+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-Big5-char-twice-url-encode.html&charset=Big5&q=<script>alert(/XS%2581SS/)</script>">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagBig5charhtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-Big5-char.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-Big5-char.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-Big5-char.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -9,7 +9,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?charset=Big5&q=<script%20%89g>alert(location)</script>">
</del><ins>+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-Big5-char.html&charset=Big5&q=<script%20%89g>alert(location)</script>">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagBig5char2expectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-Big5-char2-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-Big5-char2-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-Big5-char2-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,2 +1,2 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?charset=Big5&q=%3Cscript%3Ealert(/XS%81SS/)%3C/script%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-Big5-char2.html&charset=Big5&q=%3Cscript%3Ealert(/XS%81SS/)%3C/script%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagBig5char2html"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-Big5-char2.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-Big5-char2.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-Big5-char2.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -9,7 +9,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?charset=Big5&q=<script>alert(/XS%81SS/)</script>">
</del><ins>+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-Big5-char2.html&charset=Big5&q=<script>alert(/XS%81SS/)</script>">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagcontrolcharexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-control-char-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-control-char-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-control-char-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,2 +1,2 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))//h%01%3C/script%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-control-char.html&q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))//h%01%3C/script%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagcontrolcharhtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-control-char.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-control-char.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-control-char.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -9,7 +9,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<script>alert(String.fromCharCode(0x58,0x53,0x53))//h%01</script>">
</del><ins>+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-control-char.html&q=<script>alert(String.fromCharCode(0x58,0x53,0x53))//h%01</script>">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagconvolutedexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-convoluted-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-convoluted-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-convoluted-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,2 +1,2 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Cscript%3Edocument.write(%22scri%22)%3C/script%3Ept%20src=%22xss.js%22%3E%3C/script%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-convoluted.html&q=%3Cscript%3Edocument.write(%22scri%22)%3C/script%3Ept%20src=%22xss.js%22%3E%3C/script%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagconvolutedhtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-convoluted.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-convoluted.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-convoluted.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -9,7 +9,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src='http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<script>document.write("scri")</script>pt src="xss.js"></script>'>
</del><ins>+<iframe src='http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-convoluted.html&q=<script>document.write("scri")</script>pt src="xss.js"></script>'>
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagentitiesexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-entities-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-entities-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-entities-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,2 +1,2 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))//%26amp%3Bcopy%3B%3C/script%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-entities.html&q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))//%26amp%3Bcopy%3B%3C/script%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagentitieshtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-entities.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-entities.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-entities.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -9,7 +9,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<script>alert(String.fromCharCode(0x58,0x53,0x53))//%26amp%3Bcopy%3B</script>">
</del><ins>+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-entities.html&q=<script>alert(String.fromCharCode(0x58,0x53,0x53))//%26amp%3Bcopy%3B</script>">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,2 +1,2 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Cscraaa%3E%3Cscriaa%3E%3Cscripa%3E%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag.html&q=%3Cscraaa%3E%3Cscriaa%3E%3Cscripa%3E%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagexpressionfollowsexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-expression-follows-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-expression-follows-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-expression-follows-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,2 +1,2 @@
</span><del>-CONSOLE MESSAGE: line 5: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?script-expression-follows=1&q=%3Cscript%3Ealert('XSS')' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 5: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-expression-follows.html&script-expression-follows=1&q=%3Cscript%3Ealert('XSS')' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagexpressionfollowshtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-expression-follows.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-expression-follows.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-expression-follows.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -9,7 +9,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?script-expression-follows=1&q=<script>alert('XSS')">
</del><ins>+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-expression-follows.html&script-expression-follows=1&q=<script>alert('XSS')">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttaginsidesvgtagexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-inside-svg-tag-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-inside-svg-tag-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-inside-svg-tag-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,2 +1,2 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Csvg%3E%3Cscript%3E%2f%2f%26%23x0a%3balert%26%23x28%3bString.fromCharCode(0x58,0x53,0x53))%3C/script%3E%3C/svg%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-inside-svg-tag.html&q=%3Csvg%3E%3Cscript%3E%2f%2f%26%23x0a%3balert%26%23x28%3bString.fromCharCode(0x58,0x53,0x53))%3C/script%3E%3C/svg%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx"> Ensures HTML entities are recognized in script blocks in a context where CDATA is allowed.
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttaginsidesvgtaghtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-inside-svg-tag.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-inside-svg-tag.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-inside-svg-tag.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -9,7 +9,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<svg><script>%2f%2f%26%23x0a%3balert%26%23x28%3bString.fromCharCode(0x58,0x53,0x53))</script></svg>">
</del><ins>+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-inside-svg-tag.html&q=<svg><script>%2f%2f%26%23x0a%3balert%26%23x28%3bString.fromCharCode(0x58,0x53,0x53))</script></svg>">
</ins><span class="cx"> </iframe>
</span><span class="cx"> Ensures HTML entities are recognized in script blocks in a context where CDATA is allowed.
</span><span class="cx"> </body>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttaginsidesvgtag2expectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-inside-svg-tag2-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-inside-svg-tag2-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-inside-svg-tag2-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,2 +1,2 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?clutter=%3Cdiv%3E%3Ci%3Ex%3C/i%3E%3C/div%3E&q=%3Csvg%3E%3Cscript%3E%3C!--&q2=--%3E%26%23x0a%3balert%26%23x28%3bString.fromCharCode(0x58,0x53,0x53))%3C/script%3E%3C/svg%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-inside-svg-tag2.html&clutter=%3Cdiv%3E%3Ci%3Ex%3C/i%3E%3C/div%3E&q=%3Csvg%3E%3Cscript%3E%3C!--&q2=--%3E%26%23x0a%3balert%26%23x28%3bString.fromCharCode(0x58,0x53,0x53))%3C/script%3E%3C/svg%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx"> Ensures HTML entities are recognized in script blocks in a context where CDATA is allowed even with <!-- comments -->.
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttaginsidesvgtag2html"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-inside-svg-tag2.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-inside-svg-tag2.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-inside-svg-tag2.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -9,7 +9,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?clutter=<div><i>x</i></div>&q=<svg><script><!--&q2=-->%26%23x0a%3balert%26%23x28%3bString.fromCharCode(0x58,0x53,0x53))</script></svg>">
</del><ins>+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-inside-svg-tag2.html&clutter=<div><i>x</i></div>&q=<svg><script><!--&q2=-->%26%23x0a%3balert%26%23x28%3bString.fromCharCode(0x58,0x53,0x53))</script></svg>">
</ins><span class="cx"> </iframe>
</span><span class="cx"> Ensures HTML entities are recognized in script blocks in a context where CDATA is allowed even with &lt;!-- comments --&gt;.
</span><span class="cx"> </body>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttaginsidesvgtag3expectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-inside-svg-tag3-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-inside-svg-tag3-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-inside-svg-tag3-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,3 +1,3 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?clutter=%3Cscript%3Ealert(1)%3C/script%3E&q=%3Csvg%3E%3Cscript%3E&q2=alert(0)%3C/script%3E%3C/svg%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?clutter=%3Cscript%3Ealert(1)%3C/script%3E&q=%3Csvg%3E%3Cscript%3E&q2=alert(0)%3C/script%3E%3C/svg%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-inside-svg-tag3.html&clutter=%3Cscript%3Ealert(1)%3C/script%3E&q=%3Csvg%3E%3Cscript%3E&q2=alert(0)%3C/script%3E%3C/svg%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-inside-svg-tag3.html&clutter=%3Cscript%3Ealert(1)%3C/script%3E&q=%3Csvg%3E%3Cscript%3E&q2=alert(0)%3C/script%3E%3C/svg%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx"> Ensures HTML entities are recognized in script blocks in a context where CDATA is allowed even with nested script blocks.
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttaginsidesvgtag3html"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-inside-svg-tag3.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-inside-svg-tag3.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-inside-svg-tag3.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -9,7 +9,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?clutter=<script>alert(1)</script>&q=<svg><script>&q2=alert(0)</script></svg>">
</del><ins>+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-inside-svg-tag3.html&clutter=<script>alert(1)</script>&q=<svg><script>&q2=alert(0)</script></svg>">
</ins><span class="cx"> </iframe>
</span><span class="cx"> Ensures HTML entities are recognized in script blocks in a context where CDATA is allowed even with nested script blocks.
</span><span class="cx"> </body>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagnearstartexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-near-start-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-near-start-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-near-start-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,2 +1,2 @@
</span><del>-CONSOLE MESSAGE: line 5: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?script-expression-follows=1&q=%3Cscript%3E%22%3Cscript%3E%22-alert(/XSS/)' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 5: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-near-start.html&script-expression-follows=1&q=%3Cscript%3E%22%3Cscript%3E%22-alert(/XSS/)' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagnearstarthtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-near-start.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-near-start.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-near-start.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -9,7 +9,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?script-expression-follows=1&q=<script>%22<script>%22-alert(/XSS/)">
</del><ins>+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-near-start.html&script-expression-follows=1&q=<script>%22<script>%22-alert(/XSS/)">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagnullcharexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-null-char-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-null-char-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-null-char-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,2 +1,2 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Cscript%3Eal%00ert(0)%3C/script%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-null-char.html&q=%3Cscript%3Eal%00ert(0)%3C/script%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagnullcharhtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-null-char.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-null-char.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-null-char.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -9,7 +9,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<script>al%00ert(0)</script>">
</del><ins>+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-null-char.html&q=<script>al%00ert(0)</script>">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagopenredirectexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-open-redirect-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-open-redirect-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-open-redirect-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,2 +1 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagopenredirecthtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-open-redirect.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-open-redirect.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-open-redirect.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -9,7 +9,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src="http://localhost:8000/resources/redirect.php?url=http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<script>alert(String.fromCharCode(0x58,0x53,0x53))</script>">
</del><ins>+<iframe src="http://localhost:8000/resources/redirect.php?url=http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-open-redirect.html&q=<script>alert(String.fromCharCode(0x58,0x53,0x53))</script>">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagpostcontrolcharexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-post-control-char-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-post-control-char-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-post-control-char-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,3 +1,3 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-post-control-char.html' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagpostcontrolcharhtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-post-control-char.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-post-control-char.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-post-control-char.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -12,7 +12,7 @@
</span><span class="cx"> <body>
</span><span class="cx"> <iframe name="tg" src="about:blank"></iframe>
</span><span class="cx"> <form target="tg" method="POST" id="theForm"
</span><del>- action="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl">
</del><ins>+ action="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-post-control-char.html">
</ins><span class="cx"> <input type="hidden" name="notifyDone" value="1">
</span><span class="cx"> <input type="text" name="q" value="<script>alert(XSS%05)</script>">
</span><span class="cx"> </form>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagpostexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-post-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-post-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-post-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,3 +1,3 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-post.html' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagpostnullcharexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-post-null-char-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-post-null-char-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-post-null-char-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,3 +1,3 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-post-null-char.html' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagpostnullcharhtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-post-null-char.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-post-null-char.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-post-null-char.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -12,7 +12,7 @@
</span><span class="cx"> <body>
</span><span class="cx"> <iframe name="tg" src="about:blank"></iframe>
</span><span class="cx"> <form target="tg" method="POST" id="theForm"
</span><del>- action="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl">
</del><ins>+ action="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-post-null-char.html">
</ins><span class="cx"> <input type="hidden" name="notifyDone" value="1">
</span><span class="cx"> <input type="text" name="q" value="<script>al%00ert(0)</script>">
</span><span class="cx"> </form>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagposthtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-post.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-post.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-post.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -12,7 +12,7 @@
</span><span class="cx"> <body>
</span><span class="cx"> <iframe name="tg" src="about:blank"></iframe>
</span><span class="cx"> <form target="tg" method="POST" id="theForm"
</span><del>- action="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl">
</del><ins>+ action="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-post.html">
</ins><span class="cx"> <input type="hidden" name="notifyDone" value="1">
</span><span class="cx"> <input type="text" name="q" value="<script>alert(String.fromCharCode(0x58,0x53,0x53))</script>">
</span><span class="cx"> </form>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagredirectexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-redirect-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-redirect-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-redirect-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,2 +1 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagredirecthtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-redirect.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-redirect.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-redirect.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -9,7 +9,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src="/resources/redirect.php?url=http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<script>alert(String.fromCharCode(0x58,0x53,0x53))</script>">
</del><ins>+<iframe src="/resources/redirect.php?url=http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-redirect.html&q=<script>alert(String.fromCharCode(0x58,0x53,0x53))</script>">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagwith16bitunicodesurrogatepairexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-16bit-unicode-surrogate-pair-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-16bit-unicode-surrogate-pair-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-16bit-unicode-surrogate-pair-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,2 +1,2 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Cscript%3Ealert(/XS%uD834%uDD1E/)%3C/script%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-with-16bit-unicode-surrogate-pair.html&q=%3Cscript%3Ealert(/XS%uD834%uDD1E/)%3C/script%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagwith16bitunicodesurrogatepairhtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-16bit-unicode-surrogate-pair.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-16bit-unicode-surrogate-pair.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-16bit-unicode-surrogate-pair.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -9,7 +9,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<script>alert(/XS%uD834%uDD1E/)</script>">
</del><ins>+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-with-16bit-unicode-surrogate-pair.html&q=<script>alert(/XS%uD834%uDD1E/)</script>">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagwith16bitunicode5expectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-16bit-unicode5-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-16bit-unicode5-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-16bit-unicode5-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,2 +1,2 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Cscript%3Ealert('%u0058%u0053%u0053%u0020%u05d0%u05d1%u05d8%u05d7%u05d4%u0020%u05e4%u05d2%u05d9%u05e2%u05d5%u05ea-%u8de8%u7ad9%u5f0f%u811a%u672c%u653b%u51fb')%3C/script%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-with-16bit-unicode5.html&q=%3Cscript%3Ealert('%u0058%u0053%u0053%u0020%u05d0%u05d1%u05d8%u05d7%u05d4%u0020%u05e4%u05d2%u05d9%u05e2%u05d5%u05ea-%u8de8%u7ad9%u5f0f%u811a%u672c%u653b%u51fb')%3C/script%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagwith16bitunicode5html"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-16bit-unicode5.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-16bit-unicode5.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-16bit-unicode5.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -9,7 +9,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<script>alert('%u0058%u0053%u0053%u0020%u05d0%u05d1%u05d8%u05d7%u05d4%u0020%u05e4%u05d2%u05d9%u05e2%u05d5%u05ea-%u8de8%u7ad9%u5f0f%u811a%u672c%u653b%u51fb')</script>">
</del><ins>+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-with-16bit-unicode5.html&q=<script>alert('%u0058%u0053%u0053%u0020%u05d0%u05d1%u05d8%u05d7%u05d4%u0020%u05e4%u05d2%u05d9%u05e2%u05d5%u05ea-%u8de8%u7ad9%u5f0f%u811a%u672c%u653b%u51fb')</script>">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagwithactualcommaexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-actual-comma-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-actual-comma-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-actual-comma-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,3 +1,3 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Cscript%3E/**/0,0/*,*/-alert(0)%3C/script%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-with-actual-comma.html&q=%3Cscript%3E/**/0,0/*,*/-alert(0)%3C/script%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span><span class="cx"> Test that the XSSAuditor's tolerance for the IIS webserver's comma concatenation doesn't open holes when the reflected argument contains an actual comma. The test passes if the XSSAuditor logs console messages and no alerts fire.
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagwithactualcommahtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-actual-comma.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-actual-comma.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-actual-comma.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -9,7 +9,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<script>/**/0,0/*,*/-alert(0)</script>">
</del><ins>+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-with-actual-comma.html&q=<script>/**/0,0/*,*/-alert(0)</script>">
</ins><span class="cx"> </iframe>
</span><span class="cx"> <p>Test that the XSSAuditor's tolerance for the IIS webserver's comma concatenation doesn't open holes when the reflected argument
</span><span class="cx"> contains an actual comma. The test passes if the XSSAuditor logs console messages and no alerts fire.</p>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagwithcallbacksexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-callbacks-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-callbacks-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-callbacks-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,7 +1,7 @@
</span><span class="cx"> frame "<!--framePath //<!--frame0-->-->" - didStartProvisionalLoadForFrame
</span><span class="cx"> main frame - didFinishDocumentLoadForFrame
</span><span class="cx"> frame "<!--framePath //<!--frame0-->-->" - didCommitLoadForFrame
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-with-callbacks.html&q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx"> didDetectXSS
</span><span class="cx"> frame "<!--framePath //<!--frame0-->-->" - didFinishDocumentLoadForFrame
</span><span class="cx"> frame "<!--framePath //<!--frame0-->-->" - didHandleOnloadEventsForFrame
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagwithcallbackshtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-callbacks.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-callbacks.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-callbacks.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -10,7 +10,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<script>alert(String.fromCharCode(0x58,0x53,0x53))</script>">
</del><ins>+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-with-callbacks.html&q=<script>alert(String.fromCharCode(0x58,0x53,0x53))</script>">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagwithcomma01expectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-comma-01-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-comma-01-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-comma-01-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,3 +1,3 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?clutter=,&q=%3Cscript%20x='1&%3E&q2=1'%3Ealert(String.fromCharCode(0x58,0x53,0x53,0x31))%3C/script%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-with-comma-01.html&clutter=,&q=%3Cscript%20x='1&%3E&q2=1'%3Ealert(String.fromCharCode(0x58,0x53,0x53,0x31))%3C/script%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span><span class="cx"> Test that the XSSAuditor catches the specific case where the IIS webserver resovles multiply occuring query parameters by concatenating them before passing the result to the application. Conceptually, its as if ?a=1&a=2 becomes ?a=1,2. The test passes if the XSSAuditor logs console messages and no alerts fire.
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagwithcomma01html"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-comma-01.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-comma-01.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-comma-01.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -9,7 +9,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>- <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?clutter=,&q=<script%20x='1&>&q2=1'>alert(String.fromCharCode(0x58,0x53,0x53,0x31))</script>"></iframe>
</del><ins>+ <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-with-comma-01.html&clutter=,&q=<script%20x='1&>&q2=1'>alert(String.fromCharCode(0x58,0x53,0x53,0x31))</script>"></iframe>
</ins><span class="cx"> <p>Test that the XSSAuditor catches the specific case where the IIS webserver resovles multiply occuring query parameters by
</span><span class="cx"> concatenating them before passing the result to the application. Conceptually, its as if ?a=1&a=2 becomes ?a=1,2. The test
</span><span class="cx"> passes if the XSSAuditor logs console messages and no alerts fire.</p>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagwithcomma02expectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-comma-02-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-comma-02-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-comma-02-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,3 +1,3 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?clutter=,&q=%3Cscript%3Ealert(String.fromCharCode(0x58&q2=0x53,0x53,0x32))%3C/script%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-with-comma-02.html&clutter=,&q=%3Cscript%3Ealert(String.fromCharCode(0x58&q2=0x53,0x53,0x32))%3C/script%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span><span class="cx"> Test that the XSSAuditor catches the specific case where the IIS webserver resovles multiply occuring query parameters by concatenating them before passing the result to the application. Conceptually, its as if ?a=1&a=2 becomes ?a=1,2. The test passes if the XSSAuditor logs console messages and no alerts fire.
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagwithcomma02html"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-comma-02.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-comma-02.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-comma-02.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -9,7 +9,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>- <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?clutter=,&q=<script>alert(String.fromCharCode(0x58&q2=0x53,0x53,0x32))</script>"></iframe>
</del><ins>+ <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-with-comma-02.html&clutter=,&q=<script>alert(String.fromCharCode(0x58&q2=0x53,0x53,0x32))</script>"></iframe>
</ins><span class="cx"> <p>Test that the XSSAuditor catches the specific case where the IIS webserver resovles multiply occuring query parameters by
</span><span class="cx"> concatenating them before passing the result to the application. Conceptually, its as if ?a=1&a=2 becomes ?a=1,2. The test
</span><span class="cx"> passes if the XSSAuditor logs console messages and no alerts fire.</p>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagwithfancyunicodeexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-fancy-unicode-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-fancy-unicode-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-fancy-unicode-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,2 +1,2 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Cscript%3E%u0061lert(0)%3C/script%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-with-fancy-unicode.html&q=%3Cscript%3E%u0061lert(0)%3C/script%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagwithfancyunicodehtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-fancy-unicode.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-fancy-unicode.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-fancy-unicode.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -9,7 +9,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<script>%u0061lert(0)</script>">
</del><ins>+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-with-fancy-unicode.html&q=<script>%u0061lert(0)</script>">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagwithinvalidclosingtagexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-invalid-closing-tag-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-invalid-closing-tag-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-invalid-closing-tag-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,2 +1,2 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?clutter=%20%3Ci%3E%3Cb%3E&q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-with-invalid-closing-tag.html&clutter=%20%3Ci%3E%3Cb%3E&q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagwithinvalidclosingtaghtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-invalid-closing-tag.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-invalid-closing-tag.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-invalid-closing-tag.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -9,7 +9,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?clutter=%20<i><b>&q=<script>alert(String.fromCharCode(0x58,0x53,0x53))</script">
</del><ins>+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-with-invalid-closing-tag.html&clutter=%20<i><b>&q=<script>alert(String.fromCharCode(0x58,0x53,0x53))</script">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagwithinvalidurlencodingexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-invalid-url-encoding-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-invalid-url-encoding-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-invalid-url-encoding-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,2 +1,2 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Cscript%3Ealert(1%1)%3C/script%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-with-invalid-url-encoding.html&q=%3Cscript%3Ealert(1%1)%3C/script%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagwithinvalidurlencodinghtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-invalid-url-encoding.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-invalid-url-encoding.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-invalid-url-encoding.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -9,7 +9,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<script>alert(1%1)</script>">
</del><ins>+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-with-invalid-url-encoding.html&q=<script>alert(1%1)</script>">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagwithsourcecontrolcharexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-control-char-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-control-char-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-control-char-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,2 +1,2 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Cscript%20src='http://127.0.0.1:8000/sec%02urity/xssAuditor/resources/xss.js'%3E%3C/script%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-with-source-control-char.html&q=%3Cscript%20src='http://127.0.0.1:8000/sec%02urity/xssAuditor/resources/xss.js'%3E%3C/script%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagwithsourcecontrolcharhtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-control-char.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-control-char.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-control-char.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -9,7 +9,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<script src='http://127.0.0.1:8000/sec%02urity/xssAuditor/resources/xss.js'></script>">
</del><ins>+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-with-source-control-char.html&q=<script src='http://127.0.0.1:8000/sec%02urity/xssAuditor/resources/xss.js'></script>">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagwithsourcedataurlexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-data-url-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-data-url-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-data-url-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,2 +1,2 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Cscript%20src=%22data:,alert(1)%22' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-with-source-data-url.html&q=%3Cscript%20src=%22data:,alert(1)%22' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagwithsourcedataurlhtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-data-url.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-data-url.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-data-url.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -9,7 +9,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<script%20src=%22data:,alert(1)%22">
</del><ins>+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-with-source-data-url.html&q=<script%20src=%22data:,alert(1)%22">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagwithsourcedataurl2expectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-data-url2-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-data-url2-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-data-url2-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,2 +1,2 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?clutter=%3Cb%3E***%3C/b%3E&q=%3Cscript%20src=%22data:,alert(1)//&q2=%22%3E%3C/script%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-with-source-data-url2.html&clutter=%3Cb%3E***%3C/b%3E&q=%3Cscript%20src=%22data:,alert(1)//&q2=%22%3E%3C/script%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagwithsourcedataurl2html"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-data-url2.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-data-url2.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-data-url2.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -9,7 +9,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?clutter=<b>***</b>&q=<script%20src=%22data:,alert(1)//&q2=%22></script>">
</del><ins>+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-with-source-data-url2.html&clutter=<b>***</b>&q=<script%20src=%22data:,alert(1)//&q2=%22></script>">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagwithsourcedataurl3expectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-data-url3-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-data-url3-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-data-url3-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,2 +1,2 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?clutter=%3Cb%3E***%3C/b%3E&q=%3Cscript%20src=%22data:,alert(1)%3C!----&q2=%22%3E%3C/script%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-with-source-data-url3.html&clutter=%3Cb%3E***%3C/b%3E&q=%3Cscript%20src=%22data:,alert(1)%3C!----&q2=%22%3E%3C/script%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagwithsourcedataurl3html"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-data-url3.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-data-url3.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-data-url3.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -9,7 +9,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?clutter=<b>***</b>&q=<script%20src=%22data:,alert(1)<!----&q2=%22></script>">
</del><ins>+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-with-source-data-url3.html&clutter=<b>***</b>&q=<script%20src=%22data:,alert(1)<!----&q2=%22></script>">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagwithsourcedoublequoteexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-double-quote-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-double-quote-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-double-quote-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,2 +1,2 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Cscript%20src=%22http://127.0.0.1:8000/security/xssAuditor/resources/xss.js%22%3E%3C/script%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-with-source-double-quote.html&q=%3Cscript%20src=%22http://127.0.0.1:8000/security/xssAuditor/resources/xss.js%22%3E%3C/script%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagwithsourcedoublequotehtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-double-quote.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-double-quote.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-double-quote.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -9,7 +9,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src='http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<script src="http://127.0.0.1:8000/security/xssAuditor/resources/xss.js"></script>'>
</del><ins>+<iframe src='http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-with-source-double-quote.html&q=<script src="http://127.0.0.1:8000/security/xssAuditor/resources/xss.js"></script>'>
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagwithsourceentitiesexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-entities-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-entities-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-entities-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,2 +1,2 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Cscript%20src='http://127.0.0.1:8000/security/xssAuditor/resources/xss.js?%26amp%3Bcopy%3B'%3E%3C/script%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-with-source-entities.html&q=%3Cscript%20src='http://127.0.0.1:8000/security/xssAuditor/resources/xss.js?%26amp%3Bcopy%3B'%3E%3C/script%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagwithsourceentitieshtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-entities.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-entities.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-entities.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -9,7 +9,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<script src='http://127.0.0.1:8000/security/xssAuditor/resources/xss.js?%26amp%3Bcopy%3B'></script>">
</del><ins>+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-with-source-entities.html&q=<script src='http://127.0.0.1:8000/security/xssAuditor/resources/xss.js?%26amp%3Bcopy%3B'></script>">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagwithsourceexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,2 +1,2 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Cscript%20src='http://127.0.0.1:8000/security/xssAuditor/resources/xss.js'%3E%3C/script%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-with-source.html&q=%3Cscript%20src='http://127.0.0.1:8000/security/xssAuditor/resources/xss.js'%3E%3C/script%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagwithsourcenoquoteexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-no-quote-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-no-quote-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-no-quote-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,2 +1,2 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Cscript%20src=http://127.0.0.1:8000/security/xssAuditor/resources/xss.js%3E%3C/script%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-with-source-no-quote.html&q=%3Cscript%20src=http://127.0.0.1:8000/security/xssAuditor/resources/xss.js%3E%3C/script%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagwithsourcenoquotehtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-no-quote.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-no-quote.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-no-quote.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -9,7 +9,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<script src=http://127.0.0.1:8000/security/xssAuditor/resources/xss.js></script>">
</del><ins>+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-with-source-no-quote.html&q=<script src=http://127.0.0.1:8000/security/xssAuditor/resources/xss.js></script>">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagwithsourcenullcharexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-null-char-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-null-char-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-null-char-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,2 +1,2 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Cscript%20src='http://127.0.0.1:8000/sec%00urity/xssAuditor/resources/xss.js'%3E%3C/script%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-with-source-null-char.html&q=%3Cscript%20src='http://127.0.0.1:8000/sec%00urity/xssAuditor/resources/xss.js'%3E%3C/script%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagwithsourcenullcharhtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-null-char.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-null-char.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-null-char.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -9,7 +9,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<script src='http://127.0.0.1:8000/sec%00urity/xssAuditor/resources/xss.js'></script>">
</del><ins>+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-with-source-null-char.html&q=<script src='http://127.0.0.1:8000/sec%00urity/xssAuditor/resources/xss.js'></script>">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagwithsourcerelativeschemeexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-relative-scheme-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-relative-scheme-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-relative-scheme-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,2 +1,2 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Cscript+src%3D//127.0.0.1%3A8000/security/xssAuditor/resources/xss.js%3E%3C/script%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-with-source-relative-scheme.html&q=%3Cscript+src%3D//127.0.0.1%3A8000/security/xssAuditor/resources/xss.js%3E%3C/script%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagwithsourcerelativeschemehtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-relative-scheme.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-relative-scheme.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-relative-scheme.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -9,7 +9,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src='http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Cscript+src%3D//127.0.0.1%3A8000/security/xssAuditor/resources/xss.js%3E%3C/script%3E'>
</del><ins>+<iframe src='http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-with-source-relative-scheme.html&q=%3Cscript+src%3D//127.0.0.1%3A8000/security/xssAuditor/resources/xss.js%3E%3C/script%3E'>
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagwithsourcesamehostwithqueryexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-same-host-with-query-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-same-host-with-query-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-same-host-with-query-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,2 +1,2 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Cscript%20src='xss.js?maybe+dangerous+query+string'%3E%3C/script%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-with-source-same-host-with-query.html&q=%3Cscript%20src='xss.js?maybe+dangerous+query+string'%3E%3C/script%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagwithsourcesamehostwithqueryhtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-same-host-with-query.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-same-host-with-query.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-same-host-with-query.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -9,7 +9,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<script src='xss.js?maybe+dangerous+query+string'></script>">
</del><ins>+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-with-source-same-host-with-query.html&q=<script src='xss.js?maybe+dangerous+query+string'></script>">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagwithsourcesamehosthtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-same-host.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-same-host.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-same-host.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -9,7 +9,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<script src='safe-script.js'></script>">
</del><ins>+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-with-source-same-host.html&q=<script src='safe-script.js'></script>">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagwithsourceunterminated01expectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-unterminated-01-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-unterminated-01-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-unterminated-01-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,2 +1,2 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Cscript%20src=%22http://127.0.0.1:8000/security/xssAuditor/resources/xss.js?&q2=%22%3E%3C/script%3E&clutter=blah' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-with-source-unterminated-01.html&q=%3Cscript%20src=%22http://127.0.0.1:8000/security/xssAuditor/resources/xss.js?&q2=%22%3E%3C/script%3E&clutter=blah' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagwithsourceunterminated01html"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-unterminated-01.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-unterminated-01.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-unterminated-01.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -9,6 +9,6 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>- <iframe src='http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<script src="http://127.0.0.1:8000/security/xssAuditor/resources/xss.js?&q2="></script>&clutter=blah'></iframe>
</del><ins>+ <iframe src='http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-with-source-unterminated-01.html&q=<script src="http://127.0.0.1:8000/security/xssAuditor/resources/xss.js?&q2="></script>&clutter=blah'></iframe>
</ins><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagwithsourceunterminated02expectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-unterminated-02-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-unterminated-02-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-unterminated-02-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,2 +1,2 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Cscript%20src=%22http://127.0.0.1:8000/security/xssAuditor/resources/xss.js%23&q2=%22%3E%3C/script%3E&clutter=blah' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-with-source-unterminated-02.html&q=%3Cscript%20src=%22http://127.0.0.1:8000/security/xssAuditor/resources/xss.js%23&q2=%22%3E%3C/script%3E&clutter=blah' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagwithsourceunterminated02html"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-unterminated-02.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-unterminated-02.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-unterminated-02.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -9,6 +9,6 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>- <iframe src='http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<script src="http://127.0.0.1:8000/security/xssAuditor/resources/xss.js%23&q2="></script>&clutter=blah'></iframe>
</del><ins>+ <iframe src='http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-with-source-unterminated-02.html&q=<script src="http://127.0.0.1:8000/security/xssAuditor/resources/xss.js%23&q2="></script>&clutter=blah'></iframe>
</ins><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagwithsourceunterminated03expectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-unterminated-03-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-unterminated-03-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-unterminated-03-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,2 +1,2 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Cscript%20src=%22http://127.0.0.1:8000/security/xssAuditor/resources/&q2=%22%3E%3C/script%3E&clutter=xss.js?' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-with-source-unterminated-03.html&q=%3Cscript%20src=%22http://127.0.0.1:8000/security/xssAuditor/resources/&q2=%22%3E%3C/script%3E&clutter=xss.js?' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagwithsourceunterminated03html"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-unterminated-03.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-unterminated-03.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-unterminated-03.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -9,6 +9,6 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>- <iframe src='http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<script src="http://127.0.0.1:8000/security/xssAuditor/resources/&q2="></script>&clutter=xss.js?'></iframe>
</del><ins>+ <iframe src='http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-with-source-unterminated-03.html&q=<script src="http://127.0.0.1:8000/security/xssAuditor/resources/&q2="></script>&clutter=xss.js?'></iframe>
</ins><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagwithsourcehtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -9,7 +9,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<script src='http://127.0.0.1:8000/security/xssAuditor/resources/xss.js'></script>">
</del><ins>+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-with-source.html&q=<script src='http://127.0.0.1:8000/security/xssAuditor/resources/xss.js'></script>">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagwiththreetimesurlencoded16bitunicodeexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-three-times-url-encoded-16bit-unicode-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-three-times-url-encoded-16bit-unicode-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-three-times-url-encoded-16bit-unicode-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,2 +1,2 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Cscript%3E%252525u0061lert(0)%3C/script%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-with-three-times-url-encoded-16bit-unicode.html&q=%3Cscript%3E%252525u0061lert(0)%3C/script%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagwiththreetimesurlencoded16bitunicodehtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-three-times-url-encoded-16bit-unicode.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-three-times-url-encoded-16bit-unicode.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-three-times-url-encoded-16bit-unicode.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -9,7 +9,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<script>%252525u0061lert(0)</script>">
</del><ins>+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-with-three-times-url-encoded-16bit-unicode.html&q=<script>%252525u0061lert(0)</script>">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagwithtrailingcommentU2028expectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-trailing-comment-U2028-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-trailing-comment-U2028-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-trailing-comment-U2028-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,2 +1,2 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Cscript%3E//%e2%80%a8alert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-with-trailing-comment-U2028.html&q=%3Cscript%3E//%e2%80%a8alert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagwithtrailingcommentU2028html"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-trailing-comment-U2028.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-trailing-comment-U2028.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-trailing-comment-U2028.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -9,7 +9,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<script>//%e2%80%a8alert(String.fromCharCode(0x58,0x53,0x53))</script>">
</del><ins>+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-with-trailing-comment-U2028.html&q=<script>//%e2%80%a8alert(String.fromCharCode(0x58,0x53,0x53))</script>">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagwithtrailingcommentexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-trailing-comment-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-trailing-comment-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-trailing-comment-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,2 +1,2 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?clutter=%20%3Ci%3E%3Cb%3E&q=%3Cscript%3E/*&q2=*/alert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-with-trailing-comment.html&clutter=%20%3Ci%3E%3Cb%3E&q=%3Cscript%3E/*&q2=*/alert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagwithtrailingcommenthtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-trailing-comment.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-trailing-comment.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-trailing-comment.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -9,7 +9,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?clutter=%20<i><b>&q=<script>/*&q2=*/alert(String.fromCharCode(0x58,0x53,0x53))</script>">
</del><ins>+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-with-trailing-comment.html&clutter=%20<i><b>&q=<script>/*&q2=*/alert(String.fromCharCode(0x58,0x53,0x53))</script>">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagwithtrailingcomment2expectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-trailing-comment2-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-trailing-comment2-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-trailing-comment2-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,2 +1,2 @@
</span><del>-CONSOLE MESSAGE: line 5: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?clutter=%3Ci%3E%3Cb%3E&q=%3Cscript%3E//&q2=%0aalert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 5: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-with-trailing-comment2.html&clutter=%3Ci%3E%3Cb%3E&q=%3Cscript%3E//&q2=%0aalert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagwithtrailingcomment2html"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-trailing-comment2.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-trailing-comment2.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-trailing-comment2.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -9,6 +9,6 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>- <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?clutter=<i><b>&q=<script>//&q2=%0aalert(String.fromCharCode(0x58,0x53,0x53))</script>"></iframe>
</del><ins>+ <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-with-trailing-comment2.html&clutter=<i><b>&q=<script>//&q2=%0aalert(String.fromCharCode(0x58,0x53,0x53))</script>"></iframe>
</ins><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagwithtrailingcomment3expectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-trailing-comment3-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-trailing-comment3-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-trailing-comment3-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,2 +1,2 @@
</span><del>-CONSOLE MESSAGE: line 6: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?clutter=%20%3Ci%3E%3Cb%3E&q=%3Cscript%3E%20%0a%3C!--&q2=%0aalert(String.fromCharCode(0x58,0x53,0x53))//--%3E%3C/script%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 6: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-with-trailing-comment3.html&clutter=%20%3Ci%3E%3Cb%3E&q=%3Cscript%3E%20%0a%3C!--&q2=%0aalert(String.fromCharCode(0x58,0x53,0x53))//--%3E%3C/script%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagwithtrailingcomment3html"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-trailing-comment3.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-trailing-comment3.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-trailing-comment3.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -9,7 +9,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?clutter=%20<i><b>&q=<script>%20%0a<!--&q2=%0aalert(String.fromCharCode(0x58,0x53,0x53))//--></script>">
</del><ins>+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-with-trailing-comment3.html&clutter=%20<i><b>&q=<script>%20%0a<!--&q2=%0aalert(String.fromCharCode(0x58,0x53,0x53))//--></script>">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagwithtrailingcomment4expectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-trailing-comment4-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-trailing-comment4-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-trailing-comment4-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,2 +1,2 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Cscript%3E/*///*/alert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-with-trailing-comment4.html&q=%3Cscript%3E/*///*/alert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagwithtrailingcomment4html"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-trailing-comment4.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-trailing-comment4.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-trailing-comment4.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -9,7 +9,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<script>/*///*/alert(String.fromCharCode(0x58,0x53,0x53))</script>">
</del><ins>+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-with-trailing-comment4.html&q=<script>/*///*/alert(String.fromCharCode(0x58,0x53,0x53))</script>">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagwithtrailingcomment5expectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-trailing-comment5-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-trailing-comment5-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-trailing-comment5-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,2 +1,2 @@
</span><del>-CONSOLE MESSAGE: line 5: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?clutter=%3Ci%3E%3Cb%3E&q=%3Cscript%3Ex=1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1//&q2=%0aalert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 5: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-with-trailing-comment5.html&clutter=%3Ci%3E%3Cb%3E&q=%3Cscript%3Ex=1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1//&q2=%0aalert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttagwithtrailingcomment5html"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-trailing-comment5.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-trailing-comment5.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-trailing-comment5.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -9,6 +9,6 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>- <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?clutter=<i><b>&q=<script>x=1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1//&q2=%0aalert(String.fromCharCode(0x58,0x53,0x53))</script>"></iframe>
</del><ins>+ <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-with-trailing-comment5.html&clutter=<i><b>&q=<script>x=1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1*1//&q2=%0aalert(String.fromCharCode(0x58,0x53,0x53))</script>"></iframe>
</ins><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorscripttaghtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -9,7 +9,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<scraaa><scriaa><scripa><script>alert(String.fromCharCode(0x58,0x53,0x53))</script>">
</del><ins>+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag.html&q=<scraaa><scriaa><scripa><script>alert(String.fromCharCode(0x58,0x53,0x53))</script>">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorsvganimateexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/svg-animate-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/svg-animate-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/svg-animate-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,4 +1,4 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Csvg%20xmlns:xlink='http://www.w3.org/1999/xlink'%3E%3Ca%3E%3Ccircle%20r=100%20/%3E%3Canimate%20attributeName=xlink:href%20values=%3Bjavascript%3Aalert(1)%20begin=0s%20end=0.1s%20fill=freeze%20/%3E%3C/a%3E%3C/svg%3E&notifyDone=1&dumpElementBySelector=animate' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/svg-animate.html&q=%3Csvg%20xmlns:xlink='http://www.w3.org/1999/xlink'%3E%3Ca%3E%3Ccircle%20r=100%20/%3E%3Canimate%20attributeName=xlink:href%20values=%3Bjavascript%3Aalert(1)%20begin=0s%20end=0.1s%20fill=freeze%20/%3E%3C/a%3E%3C/svg%3E&notifyDone=1&dumpElementBySelector=animate' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx"> This test passes if the element displayed in the frame below has a 'values' attribute containing only 'javascript:void(0)'.
</span><span class="cx">
</span><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorsvganimatehtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/svg-animate.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/svg-animate.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/svg-animate.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -12,6 +12,6 @@
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><span class="cx"> <p>This test passes if the element displayed in the frame below has a 'values' attribute containing only 'javascript:void(0)'.</p>
</span><del>- <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<svg%20xmlns:xlink='http://www.w3.org/1999/xlink'><a><circle%20r=100%20/><animate%20attributeName=xlink:href%20values=%3Bjavascript%3Aalert(1)%20begin=0s%20end=0.1s%20fill=freeze%20/></a></svg>&notifyDone=1&dumpElementBySelector=animate"></iframe>
</del><ins>+ <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/svg-animate.html&q=<svg%20xmlns:xlink='http://www.w3.org/1999/xlink'><a><circle%20r=100%20/><animate%20attributeName=xlink:href%20values=%3Bjavascript%3Aalert(1)%20begin=0s%20end=0.1s%20fill=freeze%20/></a></svg>&notifyDone=1&dumpElementBySelector=animate"></iframe>
</ins><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorsvgscripttagexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/svg-script-tag-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/svg-script-tag-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/svg-script-tag-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,2 +1,2 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3csvg%3e%3cscript%20XLinK:href='data:text/html,alert(0)'%3e%3c/script%3e%3c/svg%3e' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/svg-script-tag.html&q=%3csvg%3e%3cscript%20XLinK:href='data:text/html,alert(0)'%3e%3c/script%3e%3c/svg%3e' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorsvgscripttaghtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/svg-script-tag.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/svg-script-tag.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/svg-script-tag.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -9,7 +9,7 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3csvg%3e%3cscript%20XLinK:href='data:text/html,alert(0)'%3e%3c/script%3e%3c/svg%3e">
</del><ins>+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/svg-script-tag.html&q=%3csvg%3e%3cscript%20XLinK:href='data:text/html,alert(0)'%3e%3c/script%3e%3c/svg%3e">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorxssfilterbypassbig5expectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/xss-filter-bypass-big5-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/xss-filter-bypass-big5-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/xss-filter-bypass-big5-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,2 +1,2 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Cscript%3Ealert('%b4%5f')%3C/script%3E&charset=big5&notifyDone=1' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/xss-filter-bypass-big5.html&q=%3Cscript%3Ealert('%b4%5f')%3C/script%3E&charset=big5&notifyDone=1' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorxssfilterbypassbig5html"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/xss-filter-bypass-big5.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/xss-filter-bypass-big5.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/xss-filter-bypass-big5.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -10,6 +10,6 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<script>alert('%b4%5f')</script>&charset=big5&notifyDone=1"></iframe>
</del><ins>+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/xss-filter-bypass-big5.html&q=<script>alert('%b4%5f')</script>&charset=big5&notifyDone=1"></iframe>
</ins><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorxssfilterbypasssjisexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/xss-filter-bypass-sjis-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/xss-filter-bypass-sjis-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/xss-filter-bypass-sjis-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,2 +1,2 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Cscript%3Ealert('%8f%5f')%3C/script%3E&charset=shift_jis&notifyDone=1' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/xss-filter-bypass-sjis.html&q=%3Cscript%3Ealert('%8f%5f')%3C/script%3E&charset=shift_jis&notifyDone=1' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
</ins><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorxssfilterbypasssjishtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/xss-filter-bypass-sjis.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/xss-filter-bypass-sjis.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/xss-filter-bypass-sjis.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -10,6 +10,6 @@
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<script>alert('%8f%5f')</script>&charset=shift_jis&notifyDone=1"></iframe>
</del><ins>+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/xss-filter-bypass-sjis.html&q=<script>alert('%8f%5f')</script>&charset=shift_jis&notifyDone=1"></iframe>
</ins><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorxssprotectionparsing01html"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/xss-protection-parsing-01.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/xss-protection-parsing-01.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/xss-protection-parsing-01.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -16,7 +16,7 @@
</span><span class="cx"> }
</span><span class="cx"> window.onload = function()
</span><span class="cx"> {
</span><del>- sendRequestFromIFrame("http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl","valid-header=1&q=<script>alert(String.fromCharCode(0x58,0x53,0x53))<\/script>","POST", done);
</del><ins>+ sendRequestFromIFrame("http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl","test=/security/xssAuditor/xss-protection-parsing-01.html&valid-header=1&q=<script>alert(String.fromCharCode(0x58,0x53,0x53))<\/script>","POST", done);
</ins><span class="cx"> };
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorxssprotectionparsing02expectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/xss-protection-parsing-02-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/xss-protection-parsing-02-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/xss-protection-parsing-02-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,4 +1,4 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?notifyDone=1&valid-header=2&q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E%3Cp%3EIf%20you%20see%20this%20message%20and%20no%20JavaScript%20alert()%20then%20the%20test%20PASSED.%3C/p%3E' because its source code was found within the request. The server sent an 'X-XSS-Protection' header requesting this behavior.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/xss-protection-parsing-02.html&notifyDone=1&valid-header=2&q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E%3Cp%3EIf%20you%20see%20this%20message%20and%20no%20JavaScript%20alert()%20then%20the%20test%20PASSED.%3C/p%3E' because its source code was found within the request. The server sent an 'X-XSS-Protection' header requesting this behavior.
</ins><span class="cx"> This tests that the X-XSS-Protection header is not ignored when there is a trailing semicolon. Although theoretically malformed, we tolerate this case without issuing an error.
</span><span class="cx">
</span><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorxssprotectionparsing02html"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/xss-protection-parsing-02.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/xss-protection-parsing-02.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/xss-protection-parsing-02.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -14,7 +14,7 @@
</span><span class="cx"> <body>
</span><span class="cx"> <p>This tests that the X-XSS-Protection header is not ignored when there is a trailing semicolon.
</span><span class="cx"> Although theoretically malformed, we tolerate this case without issuing an error. </p>
</span><del>-<iframe id="frame" onload="checkIfFrameLocationMatchesSrcAndCallDone('frame')" src="http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?notifyDone=1&valid-header=2&q=<script>alert(String.fromCharCode(0x58,0x53,0x53))</script><p>If you see this message and no JavaScript alert() then the test PASSED.</p>">
</del><ins>+<iframe id="frame" onload="checkIfFrameLocationMatchesSrcAndCallDone('frame')" src="http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/xss-protection-parsing-02.html&notifyDone=1&valid-header=2&q=<script>alert(String.fromCharCode(0x58,0x53,0x53))</script><p>If you see this message and no JavaScript alert() then the test PASSED.</p>">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorxssprotectionparsing03expectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/xss-protection-parsing-03-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/xss-protection-parsing-03-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/xss-protection-parsing-03-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,7 +1,7 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor blocked access to 'http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?notifyDone=1&valid-header=3&q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E%3Cp%3EIf%20you%20see%20this%20message%20and%20no%20JavaScript%20alert()%20then%20the%20test%20PASSED.%3C/p%3E' because the source code of a script was found within the request. The server sent an 'X-XSS-Protection' header requesting this behavior.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor blocked access to 'http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/xss-protection-parsing-03.html&notifyDone=1&valid-header=3&q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E%3Cp%3EIf%20you%20see%20this%20message%20and%20no%20JavaScript%20alert()%20then%20the%20test%20PASSED.%3C/p%3E' because the source code of a script was found within the request. The server sent an 'X-XSS-Protection' header requesting this behavior.
</ins><span class="cx"> CONSOLE MESSAGE: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "null". The frame requesting access has a protocol of "http", the frame being accessed has a protocol of "data". Protocols must match.
</span><span class="cx">
</span><del>-ALERT: URL mismatch: undefined vs. http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?notifyDone=1&valid-header=3&q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E%3Cp%3EIf%20you%20see%20this%20message%20and%20no%20JavaScript%20alert()%20then%20the%20test%20PASSED.%3C/p%3E
</del><ins>+ALERT: URL mismatch: undefined vs. http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/xss-protection-parsing-03.html&notifyDone=1&valid-header=3&q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E%3Cp%3EIf%20you%20see%20this%20message%20and%20no%20JavaScript%20alert()%20then%20the%20test%20PASSED.%3C/p%3E
</ins><span class="cx"> This tests that the X-XSS-Protection header is not ignored when there is a trailing semicolon following mode=blank. Although theoretically malformed, we tolerate this case without issuing an error.
</span><span class="cx">
</span><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorxssprotectionparsing03html"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/xss-protection-parsing-03.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/xss-protection-parsing-03.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/xss-protection-parsing-03.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -14,7 +14,7 @@
</span><span class="cx"> <body>
</span><span class="cx"> <p>This tests that the X-XSS-Protection header is not ignored when there is a trailing semicolon following mode=blank.
</span><span class="cx"> Although theoretically malformed, we tolerate this case without issuing an error. </p>
</span><del>-<iframe id="frame" onload="checkIfFrameLocationMatchesSrcAndCallDone('frame')" src="http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?notifyDone=1&valid-header=3&q=<script>alert(String.fromCharCode(0x58,0x53,0x53))</script><p>If you see this message and no JavaScript alert() then the test PASSED.</p>">
</del><ins>+<iframe id="frame" onload="checkIfFrameLocationMatchesSrcAndCallDone('frame')" src="http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/xss-protection-parsing-03.html&notifyDone=1&valid-header=3&q=<script>alert(String.fromCharCode(0x58,0x53,0x53))</script><p>If you see this message and no JavaScript alert() then the test PASSED.</p>">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorxssprotectionparsing04expectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/xss-protection-parsing-04-expected.txt (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/xss-protection-parsing-04-expected.txt 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/xss-protection-parsing-04-expected.txt 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -1,7 +1,7 @@
</span><del>-CONSOLE MESSAGE: line 4: The XSS Auditor blocked access to 'http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?notifyDone=1&valid-header=4&q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E%3Cp%3EIf%20you%20see%20this%20message%20and%20no%20JavaScript%20alert()%20then%20the%20test%20PASSED.%3C/p%3E' because the source code of a script was found within the request. The server sent an 'X-XSS-Protection' header requesting this behavior.
</del><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor blocked access to 'http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/xss-protection-parsing-04.html&notifyDone=1&valid-header=4&q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E%3Cp%3EIf%20you%20see%20this%20message%20and%20no%20JavaScript%20alert()%20then%20the%20test%20PASSED.%3C/p%3E' because the source code of a script was found within the request. The server sent an 'X-XSS-Protection' header requesting this behavior.
</ins><span class="cx"> CONSOLE MESSAGE: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "null". The frame requesting access has a protocol of "http", the frame being accessed has a protocol of "data". Protocols must match.
</span><span class="cx">
</span><del>-ALERT: URL mismatch: undefined vs. http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?notifyDone=1&valid-header=4&q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E%3Cp%3EIf%20you%20see%20this%20message%20and%20no%20JavaScript%20alert()%20then%20the%20test%20PASSED.%3C/p%3E
</del><ins>+ALERT: URL mismatch: undefined vs. http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/xss-protection-parsing-04.html&notifyDone=1&valid-header=4&q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E%3Cp%3EIf%20you%20see%20this%20message%20and%20no%20JavaScript%20alert()%20then%20the%20test%20PASSED.%3C/p%3E
</ins><span class="cx"> This tests that the X-XSS-Protection header is not ignored when the report and mode directives are swapped.
</span><span class="cx">
</span><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssAuditorxssprotectionparsing04html"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xssAuditor/xss-protection-parsing-04.html (176412 => 176413)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xssAuditor/xss-protection-parsing-04.html 2014-11-20 22:03:39 UTC (rev 176412)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/xss-protection-parsing-04.html 2014-11-20 22:10:37 UTC (rev 176413)
</span><span class="lines">@@ -13,7 +13,7 @@
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><span class="cx"> <p>This tests that the X-XSS-Protection header is not ignored when the report and mode directives are swapped.</p>
</span><del>-<iframe id="frame" onload="checkIfFrameLocationMatchesSrcAndCallDone('frame')" src="http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?notifyDone=1&valid-header=4&q=<script>alert(String.fromCharCode(0x58,0x53,0x53))</script><p>If you see this message and no JavaScript alert() then the test PASSED.</p>">
</del><ins>+<iframe id="frame" onload="checkIfFrameLocationMatchesSrcAndCallDone('frame')" src="http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/xss-protection-parsing-04.html&notifyDone=1&valid-header=4&q=<script>alert(String.fromCharCode(0x58,0x53,0x53))</script><p>If you see this message and no JavaScript alert() then the test PASSED.</p>">
</ins><span class="cx"> </iframe>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre>
</div>
</div>
</body>
</html>