Commit c417bcd9 authored by abarth@webkit.org

Revert 44981. The buildbots hate me.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@44983 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent 9d42b004
2009-06-23 Adam Barth <abarth@webkit.org>
Reviewed by Sam Weinig.
https://bugs.webkit.org/show_bug.cgi?id=26589
More tests for the XSSAuditor. (I converted the server side to Perl
after Sam reviewed the patch because the PHP scripts didn't agree with
the Tiger and Windows buildbots.)
* http/tests/security/xssAuditor/img-onerror-tricky-expected.txt: Added.
* http/tests/security/xssAuditor/img-onerror-tricky.html: Added.
* http/tests/security/xssAuditor/link-onclick-expected.txt: Added.
* http/tests/security/xssAuditor/link-onclick.html: Added.
* http/tests/security/xssAuditor/property-escape-expected.txt: Added.
* http/tests/security/xssAuditor/property-escape.html: Added.
* http/tests/security/xssAuditor/resources/echo-intertag-post-and-notify.pl: Added.
* http/tests/security/xssAuditor/resources/echo-intertag-post.pl: Added.
* http/tests/security/xssAuditor/resources/echo-intertag-utf-7.pl: Added.
* http/tests/security/xssAuditor/resources/echo-intertag.php: Removed.
* http/tests/security/xssAuditor/resources/echo-intertag.pl: Added.
* http/tests/security/xssAuditor/resources/echo-property.pl: Added.
* http/tests/security/xssAuditor/resources/redir.php: Added.
* http/tests/security/xssAuditor/resources/xss.js: Added.
* http/tests/security/xssAuditor/script-tag-convoluted-expected.txt: Added.
* http/tests/security/xssAuditor/script-tag-convoluted.html: Added.
* http/tests/security/xssAuditor/script-tag-open-redirect-expected.txt: Added.
* http/tests/security/xssAuditor/script-tag-open-redirect.html: Added.
* http/tests/security/xssAuditor/script-tag-post-expected.txt: Added.
* http/tests/security/xssAuditor/script-tag-post.html: Added.
* http/tests/security/xssAuditor/script-tag-redirect-expected.txt: Added.
* http/tests/security/xssAuditor/script-tag-redirect.html: Added.
* http/tests/security/xssAuditor/script-tag-utf-7-expected.txt: Added.
* http/tests/security/xssAuditor/script-tag-utf-7.html: Added.
* http/tests/security/xssAuditor/script-tag-with-source-expected.txt: Added.
* http/tests/security/xssAuditor/script-tag-with-source.html: Added.
* http/tests/security/xssAuditor/script-tag.html:
2009-06-22 Shinichiro Hamaji <hamaji@chromium.org>
Reviewed by Alexey Proskuryakov.
......
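Review bot: The entry says the server side was converted to Perl because the PHP scripts didn't agree with the Tiger and Windows buildbots, yet it still lists resources/redir.php as Added, and script-tag-open-redirect.html loads it. Before this relands, either port redir.php to Perl with the rest or say in the entry why this one script can stay PHP. The final script-tag.html: line also carries no description of what changed.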
CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request.
<!DOCTYPE html>
<html>
<head>
<script>
if (window.layoutTestController) {
layoutTestController.dumpAsText();
layoutTestController.setXSSAuditorEnabled(true);
}
</script>
</head>
<body>
<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Cimg%20src=1%20'onerror=alert(/XSS/)%3E">
</iframe>
</body>
</html>
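Review bot: The q payload in the iframe src puts a stray single quote directly before onerror (src=1%20'onerror=...), which is presumably the "tricky" part the file name refers to, but nothing in the test says so. Add a short comment above the iframe stating which parse of that attribute the auditor is expected to catch, so a later reader does not correct the quote as a typo.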
CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request.
<!DOCTYPE html>
<html>
<head>
<script>
if (window.layoutTestController) {
layoutTestController.dumpAsText();
layoutTestController.setXSSAuditorEnabled(true);
}
</script>
</head>
<body>
<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<a%20onclick='alert(/XSS/)'>Click</a>">
</iframe>
</body>
</html>
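Review bot: Nothing in this page activates the echoed link, so the test passes on the console message alone and never shows that the onclick handler stays inert when the link is clicked. Either activate the link once the frame has loaded and check that no alert appears in the output, or add a comment that the refusal is expected without a click.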
CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request.
<!DOCTYPE html>
<html>
<head>
<script>
if (window.layoutTestController) {
layoutTestController.dumpAsText();
layoutTestController.setXSSAuditorEnabled(true);
}
</script>
</head>
<body>
<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-property.pl?q=%22%20onload=%22alert(/XSS/)">
</iframe>
</body>
</html>
#!/usr/bin/perl -wT
use strict;
use CGI;
my $cgi = new CGI;
print "Content-Type: text/html; charset=UTF-8\n\n";
print "<!DOCTYPE html>\n";
print "<html>\n";
print "<body>\n";
print $cgi->param('q');
print "<script>\n";
print "if (window.layoutTestController)\n";
print " layoutTestController.notifyDone();\n";
print "</script>\n";
print "</body>\n";
print "</html>\n";
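Review bot: print $cgi->param('q') calls param() in list context, so a request that carries q more than once echoes every value run together. Use scalar($cgi->param('q')) here and in the sibling echo scripts so exactly one value is reflected. CGI->new is also preferable to the indirect-object form new CGI.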
#!/usr/bin/perl -wT
use strict;
use CGI;
my $cgi = new CGI;
print "Content-Type: text/html; charset=UTF-8\n\n";
print "<!DOCTYPE html>\n";
print "<html>\n";
print "<body>\n";
print $cgi->param('q');
print "</body>\n";
print "</html>\n";
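Review bot: This script is line for line the same as echo-intertag.pl further down, and param() already returns the value from a POST body as well as from a query string. Point its caller at echo-intertag.pl and drop this copy, or add a comment here saying what is meant to differ.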
#!/usr/bin/perl -wT
use strict;
use CGI;
my $cgi = new CGI;
print "Content-Type: text/html; charset=UTF-7\n\n";
print "<!DOCTYPE html>\n";
print "<html>\n";
print "<body>\n";
print $cgi->param('q');
print "</body>\n";
print "</html>\n";
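Review bot: The only difference from echo-intertag.pl is charset=UTF-7 in the Content-Type line, which is easy to miss when the files are read side by side. Add a comment at the top saying the script exists to serve the reflected q under a UTF-7 declaration, so the purpose of script-tag-utf-7.html is clear from the resource itself.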
<!DOCTYPE html>
<html>
<body>
<?php
echo $_GET['q'];
?>
</body>
</html>
#!/usr/bin/perl -wT
use strict;
use CGI;
my $cgi = new CGI;
print "Content-Type: text/html; charset=UTF-8\n\n";
print "<!DOCTYPE html>\n";
print "<html>\n";
print "<body>\n";
print $cgi->param('q');
print "</body>\n";
print "</html>\n";
#!/usr/bin/perl -wT
use strict;
use CGI;
my $cgi = new CGI;
print "Content-Type: text/html; charset=UTF-8\n\n";
print "<!DOCTYPE html>\n";
print "<html>\n";
print "<body foo=\"";
print $cgi->param('q');
print "\">\n";
print "</body>\n";
print "</html>\n";
CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request.
<!DOCTYPE html>
<html>
<head>
<script>
if (window.layoutTestController) {
layoutTestController.dumpAsText();
layoutTestController.setXSSAuditorEnabled(true);
}
</script>
</head>
<body>
<iframe src='http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<script>document.write("scri")</script>pt src="xss.js"></script>'>
</iframe>
</body>
</html>
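Review bot: The src value here is left completely unencoded (raw spaces, double quotes and angle brackets), while img-onerror-tricky.html percent-encodes the payload and link-onclick.html encodes only the spaces. Since the expected message says the script source was found within the request, the encoding of the request is part of what each test exercises; choose the form deliberately and say in a comment which one this test needs. A line on why document.write("scri") followed by pt src="xss.js" is the case of interest would help as well.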
CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request.
<!DOCTYPE html>
<html>
<head>
<script>
if (window.layoutTestController) {
layoutTestController.dumpAsText();
layoutTestController.setXSSAuditorEnabled(true);
}
</script>
</head>
<body>
<iframe src="http://localhost:8000/security/xssAuditor/resources/redir.php?url=http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<script>alert(/XSS/)</script>">
</iframe>
</body>
</html>
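Review bot: The url= value passed to redir.php is a full URL with its own ?q= and a raw script tag, none of it percent-encoded, so what redir.php receives depends on how leniently the outer query string is split. Percent-encode the inner URL so the redirect target is unambiguous and the test checks the auditor rather than URL parsing.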
CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request.