RESOLVED FIXED 100423
Test full-block-iframe-no-inherit.php generates an invalid X-XSS-PROTECTION header. 
https://bugs.webkit.org/show_bug.cgi?id=100423
Summary Test full-block-iframe-no-inherit.php generates an invalid X-XSS-PROTECTION h...
Thomas Sepez
Reported 2012-10-25 15:08:17 PDT
I just noticed a typo in the test file full-block-iframe-no-inherit.php: <?php header("X-XSS-Protection: full-block"); ?> But since there is no full-block directive, what is meant is <?php header("X-XSS-Protection: 1; mode=block"); ?>
Attachments
Patch (1.19 KB, patch)
2012-10-25 15:33 PDT, Thomas Sepez 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Thomas Sepez
Comment 1 2012-10-25 15:33:28 PDT
Created attachment 170746 [details] Patch Heh.
Adam Barth
Comment 2 2012-10-25 15:35:15 PDT
Comment on attachment 170746 [details] Patch Why didn't this test fail without this change? Should we add a new test that covers the invalid header case?
Thomas Sepez
Comment 3 2012-10-25 15:48:26 PDT
(In reply to comment #2) > (From update of attachment 170746 [details]) > Why didn't this test fail without this change? I think the test looked only for non-application to the iframe, not application to the parent frame. > Should we add a new test that covers the invalid header case? Uh, yes. Want me to fold those into this patch?
Adam Barth
Comment 4 2012-10-25 16:05:45 PDT
> Want me to fold those into this patch? Up to you. I'd probably do it in one patch, but it's not super important.
WebKit Review Bot
Comment 5 2012-10-25 20:10:05 PDT
Comment on attachment 170746 [details] Patch Clearing flags on attachment: 170746 Committed r132563: <http://trac.webkit.org/changeset/132563>
WebKit Review Bot
Comment 6 2012-10-25 20:10:08 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.