Typos in LayoutTests/http/tests/security/xssAuditor/script-tag-inside-svg-tag*.html
author tsepez@chromium.org <tsepez@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 12 Apr 2012 18:57:22 +0000 (18:57 +0000)
committer tsepez@chromium.org <tsepez@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 12 Apr 2012 18:57:22 +0000 (18:57 +0000)
https://bugs.webkit.org/show_bug.cgi?id=83794

Reviewed by Adam Barth.

Several changes needed to make the XSS in these test cases fire against actual
vulnerable browsers. The tests were still valid, but it is more helpful to see
the XSS pop up.

* http/tests/security/xssAuditor/script-tag-inside-svg-tag.html:
* http/tests/security/xssAuditor/script-tag-inside-svg-tag2.html:
* http/tests/security/xssAuditor/script-tag-inside-svg-tag3.html:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@114010 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/http/tests/security/xssAuditor/script-tag-inside-svg-tag.html
LayoutTests/http/tests/security/xssAuditor/script-tag-inside-svg-tag2.html
LayoutTests/http/tests/security/xssAuditor/script-tag-inside-svg-tag3.html

index f4d3e30..14922e3 100644 (file)
@@ -1,3 +1,18 @@
+2012-04-12  Tom Sepez  <tsepez@chromium.org>
+
+        Typos in LayoutTests/http/tests/security/xssAuditor/script-tag-inside-svg-tag*.html
+        https://bugs.webkit.org/show_bug.cgi?id=83794
+
+        Reviewed by Adam Barth.
+
+        Several changes needed to make the XSS in these test cases fire against actual
+        vulnerable browsers. The tests were still valid, but it is more helpful to see
+        the XSS pop up.
+
+        * http/tests/security/xssAuditor/script-tag-inside-svg-tag.html:
+        * http/tests/security/xssAuditor/script-tag-inside-svg-tag2.html:
+        * http/tests/security/xssAuditor/script-tag-inside-svg-tag3.html:
+
 2012-04-09  Victoria Kirst  <vrk@chromium.org>
 
         Remove setTimeout from media/video-seek-past-end-paused.html and fix other minor issues
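Review bot: The three per-file lines in the new ChangeLog entry end at the colon and say nothing about what changed in each test, so "Several changes" is the only record. A short note per file would make the entry useful later: for script-tag-inside-svg-tag.html and script-tag-inside-svg-tag2.html, that the '%26%24x0a;' and '%26%23x29;' entities were corrected to '%26%23x0a%3b' and '%26%23x28%3b' and the closing tags reordered to '</script></svg>'; for script-tag-inside-svg-tag3.html, that the ';' after 'alert(0)' was dropped.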
index f077d5c..67a2601 100644 (file)
@@ -9,7 +9,7 @@ if (window.layoutTestController) {
 </script>
 </head>
 <body>
-<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<svg><script>//%26%24x0a;alert%26%23x29;String.fromCharCode(0x58,0x53,0x53))</svg></script>">
+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<svg><script>%2f%2f%26%23x0a%3balert%26%23x28%3bString.fromCharCode(0x58,0x53,0x53))</script></svg>">
 </iframe>
 Ensures HTML entities are recognized in script blocks in a context where CDATA is allowed.
 </body>
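Review bot: The '+' line is hard to verify by eye, which is how the old '%26%24x0a;' (decodes to '&$x0a;', not a character reference) and '%26%23x29;' (a closing rather than opening parenthesis) went unnoticed. Consider an HTML comment next to the iframe giving the decoded payload the test intends, i.e. '//' followed by '&#x0a;' and then 'alert&#x28;String.fromCharCode(0x58,0x53,0x53))', so the next reader can compare the encoded src against it. The line also now mixes percent-encoded '%2f%2f' and '%3b' with raw '<', '>', '(' and ','; a word on why only those characters needed encoding would help.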
index 177ec12..5e3beb8 100644 (file)
@@ -9,7 +9,7 @@ if (window.layoutTestController) {
 </script>
 </head>
 <body>
-<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?clutter=<div><i>x</i></div>&q=<svg><script><!--&q2=-->%26%24x0a;alert%26%23x29;String.fromCharCode(0x58,0x53,0x53))</svg></script>">
+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?clutter=<div><i>x</i></div>&q=<svg><script><!--&q2=-->%26%23x0a%3balert%26%23x28%3bString.fromCharCode(0x58,0x53,0x53))</script></svg>">
 </iframe>
 Ensures HTML entities are recognized in script blocks in a context where CDATA is allowed even with &lt;!-- comments --&gt;.
 </body>
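Review bot: The '-' line here carried exactly the same '%26%24x0a;' and '%26%23x29;' mistakes as script-tag-inside-svg-tag.html, so the payload was evidently copied by hand between tests; it is worth searching the rest of the xssAuditor directory for '%26%24' before landing, rather than fixing only these files. Also note that the '+' line starts the q2 value with '-->%26%23x0a%3b' and has no '%2f%2f' prefix as the first test does; if that difference is intentional, say so in the ChangeLog so it is not "corrected" later.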
index 2d4453d..dff2c06 100644 (file)
@@ -9,7 +9,7 @@ if (window.layoutTestController) {
 </script>
 </head>
 <body>
-<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?clutter=<script>alert(1)</script>&q=<svg><script>&q2=alert(0);</script></svg>">
+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?clutter=<script>alert(1)</script>&q=<svg><script>&q2=alert(0)</script></svg>">
 </iframe>
 Ensures HTML entities are recognized in script blocks in a context where CDATA is allowed even with nested script blocks.
 </body>
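Review bot: Dropping the ';' after 'alert(0)' on the '+' line is unexplained and is handled differently from the other two files, where the literal ';' became '%3b' instead of being removed. Please state in the ChangeLog why a raw ';' in the query string prevents this test from firing, and use one approach across all three tests. Separately, the description in the trailing context still reads "Ensures HTML entities are recognized", but this payload contains no entities; it looks carried over from the first test and should describe the nested script block case only.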