// Layout-test harness setup. The guard skips it when the page is opened
// outside the harness, where window.testRunner does not exist.
// NOTE(review): the listing's own numbering jumps from 5 to 8, so the brace
// that closes this `if` is not part of the visible text.
1 if (window.testRunner) {
// Report the result as text, including the text of child frames (the
// reflected response is loaded into an iframe by testMixedHeader()).
2 testRunner.dumpAsText();
3 testRunner.dumpChildFramesAsText();
// The XSS auditor is the feature under test, so it is switched on explicitly.
4 testRunner.setXSSAuditorEnabled(true);
// Keep the test open until frameLoaded() calls testRunner.notifyDone().
5 testRunner.waitUntilDone();
// Writes one test case into the document: a description paragraph plus an
// iframe that requests the echo script with a reflected <script> probe and
// the header switches selected by the two arguments.
//
//   csp           - value reported for the CSP "reflected-xss" directive and
//                   sent as the `csp` query parameter.
//   xssProtection - 'allow', 'block', 'filter' or 'invalid'; each adds the one
//                   query parameter shown below. Any other value adds none.
//
// NOTE(review): the listing's numbering skips 9, 11-12, 14, 23, 26 and 29-30,
// so the `params` array declaration, whatever sits directly before the `csp`
// push, and the closing brace are not visible here.
// NOTE(review): both arguments and the URL are concatenated into markup and
// into the query string without HTML or URL escaping. That is only sound
// while callers pass fixed test literals; do not reuse this helper with
// values taken from the page URL or any other untrusted input.
8 function testMixedHeader(csp, xssProtection) {
// Benign probe: the character codes 0x58,0x53,0x53 spell "XSS", so an alert
// showing "XSS" means the reflected script ran. The closing tag is built from
// two pieces so this file never contains a complete closing script tag
// (presumably so it can be inlined in HTML safely - confirm).
10 'q=<script>alert(String.fromCharCode(0x58,0x53,0x53))<' + '/script>'
// Whether this push is conditional cannot be told from the visible lines.
13 params.push('csp='+csp);
// Translate the requested X-XSS-Protection mode into the switch understood
// by echo-intertag.pl. The header that script actually emits for each switch
// is defined in the script, which is not shown here.
15 if (xssProtection == 'allow')
16 params.push('disable-protection=1');
17 if (xssProtection == 'block')
18 params.push('enable-full-block=1');
19 if (xssProtection == 'filter')
20 params.push('valid-header=2');
21 if (xssProtection == 'invalid')
22 params.push('malformed-header=1');
// Same-origin, path-absolute URL; parameters are joined raw with '&'.
24 var url = '/security/xssAuditor/resources/echo-intertag.pl?';
25 url += params.join('&');
// document.write() is used so the iframe is part of the initial parse and is
// therefore loaded before the window load event that triggers frameLoaded().
27 document.write('<p>Testing behavior when "reflected-xss" is set to ' + csp + ', and "X-XSS-Protection" is set to ' + xssProtection + '.');
28 document.write('<iframe src="' + url + '"></iframe>');
// Load handler: reports what ended up in the iframe, then ends the test.
// NOTE(review): the listing's numbering skips 33, 35, 37 and 39, so the
// construct that chooses between the two alerts is not visible. Presumably it
// is a try/catch, because reading location.href of a cross-origin frame
// throws - confirm against the full file.
31 function frameLoaded() {
// querySelector returns only the first iframe, so a page that calls
// testMixedHeader() more than once reports on the first frame alone.
32 var frame = document.querySelector('iframe');
// Readable href: the frame's document is still same-origin with this page.
34 alert('Loaded ' + frame.contentWindow.location.href + ' into the IFrame.');
// Fallback message for a frame whose location this page may not read.
36 alert('Loaded cross-origin frame.');
// NOTE(review): unlike the setup at the top of the file, this call is not
// guarded by `window.testRunner`, so it throws a ReferenceError when the page
// is opened outside the test harness.
38 testRunner.notifyDone();
// Run frameLoaded() once the window load event fires. Assigning the onload
// property replaces any handler that was set on it earlier.
41 window.onload = frameLoaded;