If XSSAuditor is enabled, then it is only enabled on windows explicitly instantiated by a user through File->New Window or File->New Tab. That is, windows instantiated through a link (i.e. have a target of "_blank") have XSSAuditor disabled. The expected behavior is for XSSAuditor to be enabled on all windows regardless of how they were instantiated.
Created attachment 31606 [details] Patch with a test
Comment on attachment 31606 [details] Patch with a test Thanks Dan! Below are some minor style nits. I'll fix them before landing the patch. > +XSSAuditor::XSSAuditor(Frame* frame) : m_frame(frame) The ": m_frame" bit should be on the next line. > + layoutTestController.dumpChildFramesAsText(); The test doesn't create any child windows, so this call doesn't do anything. > + var event = document.createEvent('MouseEvent'); > + event.initEvent('click', true, true); > + document.getElementById('anchorLink').dispatchEvent(event); I think the anchor tag has a click() method that would be eaiser, but this does the job. > +if (window.layoutTestController) { > + layoutTestController.notifyDone(); > +} No braces needed for if statements with single-line bodies.
Sending LayoutTests/ChangeLog Adding LayoutTests/http/tests/security/xssAuditor/link-opens-new-window-expected.txt Adding LayoutTests/http/tests/security/xssAuditor/link-opens-new-window.html Adding LayoutTests/http/tests/security/xssAuditor/resources/echo-intertag-and-notify.php Sending WebCore/ChangeLog Sending WebCore/page/XSSAuditor.cpp Sending WebCore/page/XSSAuditor.h Transmitting file data ....... Committed revision 44927.