src/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/full-block-script-tag.html

   1 <!DOCTYPE html>
   2 <html>
   3 <head>
   4 <script src="/security/xssAuditor/resources/utilities.js"></script>
   5 <script>
   6 if (window.testRunner) {
   7     testRunner.dumpAsText();
   8     testRunner.dumpChildFramesAsText();
   9     testRunner.waitUntilDone();
  10     testRunner.setXSSAuditorEnabled(true);
  11 }
  12
  13 function checkframe()
  14 {
  15     try {
  16         var ref = document.getElementById("frame").contentDocument.referrer;
  17         console.log('PASS: Referrer is "' + ref + '"');
  18     } catch (e) {
  19         console.log('FAIL: same-origin access threw: \'' + e.toString() + '\'.');
  20     }
  21     checkIfFrameLocationMatchesSrcAndCallDone('frame');
  22 }
  23 </script>
  24 </head>
  25 <body>
  26 <p>There should be no content in the iframe below:</p>
  27 <iframe id="frame" name="frame" onload="checkframe()" src="http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?enable-full-block=1&q=<script>alert(String.fromCharCode(0x58,0x53,0x53))</script>">
  28 </iframe>
  29 </body>
  30 </html>