Summary: | Write more XSSAuditor tests | |
---|---|---|---
Product: | WebKit | Reporter: | Daniel Bates <dbates>
Component: | WebCore Misc. | Assignee: | Nobody <webkit-unassigned>
Status: | RESOLVED FIXED | |
Severity: | Normal | CC: | abarth, dbates, sam
Priority: | P2 | |
Version: | 528+ (Nightly build) | |
Hardware: | All | |
OS: | All | |
Description
Daniel Bates
2009-06-27 16:17:04 PDT
Created attachment 31981
More test cases

More test cases for XSSAuditor. Adapted from my collection at http://webblaze.org/dbates/.

Comment on attachment 31981
More test cases

Yay! Tests === the awesome.

> +function getXMLHTTPRequest() {
> +function sendRequest(url, params, HTTPMethod) {

What's the point of these functions? They don't seem to be used...

> +function sendRequestFromIFrame(url, params, HTTPMethod) {
> + if (!params || params.length == 0) {
> + return;
> + }

Please convert all the tabs to spaces. (Four space indent.)

> + var iFrameObj = document.createElement('iframe');
> + with(iFrameObj) {
> + id = "_ffiFrame";
> + height = "1";
> + width = "1";
> + style.visibility = "hidden";
> + }

Yuck. Please don't use |width|. Just assign the properties of iFrameObj. (Also, you can use a simpler name, like frame.)

Created attachment 31982
More test cases

Cleaned up utilities.js.
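
Review bot: In the quoted `sendRequestFromIFrame` lines from attachment 31981, the `if (!params || params.length == 0)` guard returns without any output, so a test that reaches the helper with empty parameters does nothing and leaves no trace of why; log a message before the `return` so the omission shows up in the test's text output. The same quoted lines give the created iframe a fixed id (`id = "_ffiFrame"`), which yields duplicate ids if a page calls the helper more than once; generate the id per call, or omit it if nothing looks the frame up.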

Comment on attachment 31982
More test cases

I'm just nitpicking at this point, but why do you say

> + with(iFrameObj) {
> + id = "frame";
> + }

instead of iFrameObj.id = "frame" ? The |with| keyword is really slow and unpredictable.

Adam

Oops. I'll change it and also remove the braces from lines "if (!params || params.length == 0)" and "if (!HTTPMethod)". Then I'll post again.

(In reply to comment #4)
> (From update of attachment 31982)
> I'm just nitpicking at this point, but why do you say
>
> > + with(iFrameObj) {
> > + id = "frame";
> > + }
>
> instead of iFrameObj.id = "frame" ? The |with| keyword is really slow and
> unpredictable.
>
> Adam

Created attachment 31983
More test cases

Changed utilities.js to conform to coding style guidelines.
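
The hazard behind the review comment on `with`, as an added example (not code from the patch or from WebKit): inside a `with` block an assignment lands on the object only if the property already exists there, otherwise it escapes to the enclosing scope. The plain objects stand in for an iframe element, and `visiblity` is a deliberately misspelled, hypothetical name.

```javascript
// Added example, not WebKit code. The objects passed in are plain stand-ins
// for an iframe element; `visiblity` is a deliberate typo.

// `with` is a syntax error in strict mode and in ES modules, so the
// sloppy-mode body is built with the Function constructor to run anywhere.
const setWithWith = new Function("frame", `
    with (frame) {
        id = "frame";          // resolves to frame.id only if frame has 'id'
        visiblity = "hidden";  // frame has no such property: escapes the block
    }
`);

function setDirectly(frame) {
    frame.id = "frame";
    frame.visiblity = "hidden";  // still a typo, but it stays on the object
}

function demo() {
    // Object that already has 'id': the first assignment hits the object,
    // the misspelled one silently becomes a global.
    const a = { id: "" };
    setWithWith(a);
    const leaked = globalThis.visiblity;
    delete globalThis.visiblity;

    // Direct property assignment keeps everything on the object.
    const b = { id: "" };
    setDirectly(b);

    // Same `with` body, different object shape: without an 'id' property,
    // even the "correct" assignment escapes to the global object.
    const c = {};
    setWithWith(c);
    const leakedId = globalThis.id;
    delete globalThis.id;
    delete globalThis.visiblity;

    return {
        aId: a.id, aHasTypo: "visiblity" in a, leaked,
        bHasTypo: "visiblity" in b,
        cId: c.id, leakedId,
    };
}

console.log(demo());
```
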

Comment on attachment 31983
More test cases
Awesome! Thanks Dan!

Sending LayoutTests/ChangeLog
Adding LayoutTests/http/tests/security/xssAuditor/anchor-url-dom-write-location-expected.txt
Adding LayoutTests/http/tests/security/xssAuditor/anchor-url-dom-write-location-inline-event-expected.txt
Adding LayoutTests/http/tests/security/xssAuditor/anchor-url-dom-write-location-inline-event.html
Adding LayoutTests/http/tests/security/xssAuditor/anchor-url-dom-write-location-javascript-URL-expected.txt
Adding LayoutTests/http/tests/security/xssAuditor/anchor-url-dom-write-location-javascript-URL.html
Adding LayoutTests/http/tests/security/xssAuditor/anchor-url-dom-write-location.html
Adding LayoutTests/http/tests/security/xssAuditor/dom-write-URL-expected.txt
Adding LayoutTests/http/tests/security/xssAuditor/dom-write-URL.html
Adding LayoutTests/http/tests/security/xssAuditor/dom-write-innerHTML-expected.txt
Adding LayoutTests/http/tests/security/xssAuditor/dom-write-innerHTML.html
Adding LayoutTests/http/tests/security/xssAuditor/dom-write-location-expected.txt
Adding LayoutTests/http/tests/security/xssAuditor/dom-write-location-inline-event-expected.txt
Adding LayoutTests/http/tests/security/xssAuditor/dom-write-location-inline-event.html
Adding LayoutTests/http/tests/security/xssAuditor/dom-write-location-javascript-URL-expected.txt
Adding LayoutTests/http/tests/security/xssAuditor/dom-write-location-javascript-URL.html
Adding LayoutTests/http/tests/security/xssAuditor/dom-write-location.html
Adding LayoutTests/http/tests/security/xssAuditor/faux-script1-expected.txt
Adding LayoutTests/http/tests/security/xssAuditor/faux-script1.html
Adding LayoutTests/http/tests/security/xssAuditor/faux-script2-expected.txt
Adding LayoutTests/http/tests/security/xssAuditor/faux-script2.html
Adding LayoutTests/http/tests/security/xssAuditor/faux-script3-expected.txt
Adding LayoutTests/http/tests/security/xssAuditor/faux-script3.html
Adding LayoutTests/http/tests/security/xssAuditor/get-from-iframe-expected.txt
Adding LayoutTests/http/tests/security/xssAuditor/get-from-iframe.html
Adding LayoutTests/http/tests/security/xssAuditor/malformed-HTML-expected.txt
Adding LayoutTests/http/tests/security/xssAuditor/malformed-HTML.html
Adding LayoutTests/http/tests/security/xssAuditor/post-from-iframe-expected.txt
Adding LayoutTests/http/tests/security/xssAuditor/post-from-iframe.html
Adding LayoutTests/http/tests/security/xssAuditor/resources/anchor-url-dom-write-location-click.html
Adding LayoutTests/http/tests/security/xssAuditor/resources/echo-dom-write-URL.html
Adding LayoutTests/http/tests/security/xssAuditor/resources/echo-dom-write-innerHTML.html
Adding LayoutTests/http/tests/security/xssAuditor/resources/echo-dom-write-location.html
Adding LayoutTests/http/tests/security/xssAuditor/resources/utilities.js
Transmitting file data ..................................
Committed revision 45314.