[webkit-reviews] review granted: [Bug 54576] Import XSSAuditor tests from David Ross : [Attachment 82699] Patch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Feb 16 14:41:36 PST 2011
Daniel Bates <dbates at webkit.org> has granted Adam Barth <abarth at webkit.org>'s
request for review:
Bug 54576: Import XSSAuditor tests from David Ross
https://bugs.webkit.org/show_bug.cgi?id=54576
Attachment 82699: Patch
https://bugs.webkit.org/attachment.cgi?id=82699&action=review
------- Additional Comments from Daniel Bates <dbates at webkit.org>
View in context: https://bugs.webkit.org/attachment.cgi?id=82699&action=review
Thanks Adam for updating the patch. This patch looks good. My only suggestion
is that we file bugs for form-action.html and iframe-injection.html to remember
to follow up and/or add a comment to the file to indicate that these tests are
expected to fail so as to make the empty file expected results less mysterious
in the meantime.
>
LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-data-url.html
:12
> +<iframe
src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<sc
ript%20src=%22data:,alert(1)%22">
Remark: You also use "alert(1)" here.
More information about the webkit-reviews
mailing list