[webkit-changes] [94884] trunk/LayoutTests

commit-queue Fri, 09 Sep 2011 16:04:37 -0700

Title: [94884] trunk/LayoutTests

Revision: 94884
Author: commit-qu...@webkit.org
Date: 2011-09-09 16:05:27 -0700 (Fri, 09 Sep 2011)

Log Message

Add test cases for xss auditor encoding bugs.
https://bugs.webkit.org/show_bug.cgi?id=67134


Patch by Tom Sepez <tse...@chromium.org> on 2011-09-09
Reviewed by Daniel Bates.

* http/tests/security/xssAuditor/resources/echo-intertag.pl:
* http/tests/security/xssAuditor/xss-filter-bypass-big5-expected.txt: Added.
* http/tests/security/xssAuditor/xss-filter-bypass-big5.html: Added.
* http/tests/security/xssAuditor/xss-filter-bypass-sjis-expected.txt: Added.
* http/tests/security/xssAuditor/xss-filter-bypass-sjis.html: Added.

Modified Paths

trunk/LayoutTests/ChangeLog
trunk/LayoutTests/http/tests/security/xssAuditor/resources/echo-intertag.pl

Added Paths

trunk/LayoutTests/http/tests/security/xssAuditor/xss-filter-bypass-big5-expected.txt
trunk/LayoutTests/http/tests/security/xssAuditor/xss-filter-bypass-big5.html
trunk/LayoutTests/http/tests/security/xssAuditor/xss-filter-bypass-sjis-expected.txt
trunk/LayoutTests/http/tests/security/xssAuditor/xss-filter-bypass-sjis.html

Diff

Modified: trunk/LayoutTests/ChangeLog (94883 => 94884)


--- trunk/LayoutTests/ChangeLog	2011-09-09 23:05:18 UTC (rev 94883)
+++ trunk/LayoutTests/ChangeLog	2011-09-09 23:05:27 UTC (rev 94884)
@@ -1,3 +1,16 @@
+2011-09-09  Tom Sepez  <tse...@chromium.org>
+
+        Add test cases for xss auditor encoding bugs.
+        https://bugs.webkit.org/show_bug.cgi?id=67134
+
+        Reviewed by Daniel Bates.
+
+        * http/tests/security/xssAuditor/resources/echo-intertag.pl:
+        * http/tests/security/xssAuditor/xss-filter-bypass-big5-expected.txt: Added.
+        * http/tests/security/xssAuditor/xss-filter-bypass-big5.html: Added.
+        * http/tests/security/xssAuditor/xss-filter-bypass-sjis-expected.txt: Added.
+        * http/tests/security/xssAuditor/xss-filter-bypass-sjis.html: Added.
+
 2011-09-09  Chris Rogers  <crog...@google.com>
 
         AudioBufferSourceNode must validate AudioBuffer in .buffer attribute setter

Modified: trunk/LayoutTests/http/tests/security/xssAuditor/resources/echo-intertag.pl (94883 => 94884)


--- trunk/LayoutTests/http/tests/security/xssAuditor/resources/echo-intertag.pl	2011-09-09 23:05:18 UTC (rev 94883)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/resources/echo-intertag.pl	2011-09-09 23:05:27 UTC (rev 94884)
@@ -16,8 +16,11 @@
 if ($cgi->param('custom-header')) {
     print $cgi->param('custom-header') . "\n";
 }
-print "Content-Type: text/html; charset=UTF-8\n\n";
 
+print "Content-Type: text/html; charset=";
+print $cgi->param('charset') ? $cgi->param('charset') : "UTF-8";
+print "\n\n";
+
 print "<!DOCTYPE html>\n";
 print "<html>\n";
 if ($cgi->param('relay-target-ids-for-event')) {

Added: trunk/LayoutTests/http/tests/security/xssAuditor/xss-filter-bypass-big5-expected.txt (0 => 94884)


--- trunk/LayoutTests/http/tests/security/xssAuditor/xss-filter-bypass-big5-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/xss-filter-bypass-big5-expected.txt	2011-09-09 23:05:27 UTC (rev 94884)
@@ -0,0 +1,3 @@
+CONSOLE MESSAGE: line 1: Refused to execute a _javascript_ script. Source code of script found within request.
+
+

Added: trunk/LayoutTests/http/tests/security/xssAuditor/xss-filter-bypass-big5.html (0 => 94884)


--- trunk/LayoutTests/http/tests/security/xssAuditor/xss-filter-bypass-big5.html	                        (rev 0)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/xss-filter-bypass-big5.html	2011-09-09 23:05:27 UTC (rev 94884)
@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script>
+if (window.layoutTestController) {
+    layoutTestController.dumpAsText();
+    layoutTestController.waitUntilDone();
+    layoutTestController.setXSSAuditorEnabled(true);
+}
+</script>
+</head>
+<body>
+<iframe src=""
+</body>
+</html>

Added: trunk/LayoutTests/http/tests/security/xssAuditor/xss-filter-bypass-sjis-expected.txt (0 => 94884)


--- trunk/LayoutTests/http/tests/security/xssAuditor/xss-filter-bypass-sjis-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/xss-filter-bypass-sjis-expected.txt	2011-09-09 23:05:27 UTC (rev 94884)
@@ -0,0 +1,3 @@
+CONSOLE MESSAGE: line 1: Refused to execute a _javascript_ script. Source code of script found within request.
+
+

Added: trunk/LayoutTests/http/tests/security/xssAuditor/xss-filter-bypass-sjis.html (0 => 94884)


--- trunk/LayoutTests/http/tests/security/xssAuditor/xss-filter-bypass-sjis.html	                        (rev 0)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/xss-filter-bypass-sjis.html	2011-09-09 23:05:27 UTC (rev 94884)
@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script>
+if (window.layoutTestController) {
+    layoutTestController.dumpAsText();
+    layoutTestController.waitUntilDone();
+    layoutTestController.setXSSAuditorEnabled(true);
+}
+</script>
+</head>
+<body>
+<iframe src=""
+</body>
+</html>

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes

[webkit-changes] [94884] trunk/LayoutTests

Log Message

Modified Paths

Added Paths

Diff

Modified: trunk/LayoutTests/ChangeLog (94883 => 94884)

Modified: trunk/LayoutTests/http/tests/security/xssAuditor/resources/echo-intertag.pl (94883 => 94884)

Added: trunk/LayoutTests/http/tests/security/xssAuditor/xss-filter-bypass-big5-expected.txt (0 => 94884)

Added: trunk/LayoutTests/http/tests/security/xssAuditor/xss-filter-bypass-big5.html (0 => 94884)

Added: trunk/LayoutTests/http/tests/security/xssAuditor/xss-filter-bypass-sjis-expected.txt (0 => 94884)

Added: trunk/LayoutTests/http/tests/security/xssAuditor/xss-filter-bypass-sjis.html (0 => 94884)

Reply via email to