Skip to site navigation (Press enter)

[webkit-changes] [93745] trunk/LayoutTests

dbates Wed, 24 Aug 2011 15:36:18 -0700

Title: [93745] trunk/LayoutTests

Revision: 93745
Author: [email protected]
Date: 2011-08-24 15:35:52 -0700 (Wed, 24 Aug 2011)

Log Message

XSS filter bypass via document.write(location.href) and fragments
https://bugs.webkit.org/show_bug.cgi?id=66585


Reviewed by Darin Adler.

Add a test case for a variation of a DOM-based XSS attack using an anchor URL.

* http/tests/security/xssAuditor/anchor-url-dom-write-location2-expected.txt: Added.
* http/tests/security/xssAuditor/anchor-url-dom-write-location2.html: Added.

Modified Paths

trunk/LayoutTests/ChangeLog

Added Paths

trunk/LayoutTests/http/tests/security/xssAuditor/anchor-url-dom-write-location2-expected.txt
trunk/LayoutTests/http/tests/security/xssAuditor/anchor-url-dom-write-location2.html

Diff

Modified: trunk/LayoutTests/ChangeLog (93744 => 93745)


--- trunk/LayoutTests/ChangeLog	2011-08-24 22:28:50 UTC (rev 93744)
+++ trunk/LayoutTests/ChangeLog	2011-08-24 22:35:52 UTC (rev 93745)
@@ -1,3 +1,15 @@
+2011-08-24  Daniel Bates  <[email protected]>
+
+        XSS filter bypass via document.write(location.href) and fragments
+        https://bugs.webkit.org/show_bug.cgi?id=66585
+
+        Reviewed by Darin Adler.
+
+        Add a test case for a variation of a DOM-based XSS attack using an anchor URL.
+
+        * http/tests/security/xssAuditor/anchor-url-dom-write-location2-expected.txt: Added.
+        * http/tests/security/xssAuditor/anchor-url-dom-write-location2.html: Added.
+
 2011-08-24  James Robinson  <[email protected]>
 
         [chromium] Update expectations for tests that no longer crash.

Added: trunk/LayoutTests/http/tests/security/xssAuditor/anchor-url-dom-write-location2-expected.txt (0 => 93745)


--- trunk/LayoutTests/http/tests/security/xssAuditor/anchor-url-dom-write-location2-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/anchor-url-dom-write-location2-expected.txt	2011-08-24 22:35:52 UTC (rev 93745)
@@ -0,0 +1,3 @@
+CONSOLE MESSAGE: line 1: Refused to execute a _javascript_ script. Source code of script found within request.
+
+

Added: trunk/LayoutTests/http/tests/security/xssAuditor/anchor-url-dom-write-location2.html (0 => 93745)


--- trunk/LayoutTests/http/tests/security/xssAuditor/anchor-url-dom-write-location2.html	                        (rev 0)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/anchor-url-dom-write-location2.html	2011-08-24 22:35:52 UTC (rev 93745)
@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script>
+if (window.layoutTestController) {
+    layoutTestController.dumpAsText();
+    layoutTestController.setXSSAuditorEnabled(true);
+}
+</script>
+</head>
+<body>
+<iframe src=""
+</iframe>
+</body>
+</html>

_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes