I kind of skimped on the XSSAuditor test in the first patch. We should add some more coverage. Dan Bates has a lot of good test cases here: http://webblaze.org/dbates/ I'll try to adapt as many of them as possible to the LayoutTest framework.
Created attachment 31630 [details] Tests! Here's a bunch of new tests. I didn't do everything on Dan's page. We can do another round at some point.
Sending LayoutTests/ChangeLog
Adding LayoutTests/http/tests/security/xssAuditor/link-onclick-expected.txt
Adding LayoutTests/http/tests/security/xssAuditor/link-onclick.html
Adding LayoutTests/http/tests/security/xssAuditor/property-escape-expected.txt
Adding LayoutTests/http/tests/security/xssAuditor/property-escape.html
Adding LayoutTests/http/tests/security/xssAuditor/resources/echo-intertag-post-and-notify.php
Adding LayoutTests/http/tests/security/xssAuditor/resources/echo-intertag-post.php
Adding LayoutTests/http/tests/security/xssAuditor/resources/echo-intertag-utf-7.php
Sending LayoutTests/http/tests/security/xssAuditor/resources/echo-intertag.php
Adding LayoutTests/http/tests/security/xssAuditor/resources/echo-property.php
Adding LayoutTests/http/tests/security/xssAuditor/resources/redir.php
Adding LayoutTests/http/tests/security/xssAuditor/resources/xss.js
Adding LayoutTests/http/tests/security/xssAuditor/script-tag-convoluted-expected.txt
Adding LayoutTests/http/tests/security/xssAuditor/script-tag-convoluted.html
Adding LayoutTests/http/tests/security/xssAuditor/script-tag-open-redirect-expected.txt
Adding LayoutTests/http/tests/security/xssAuditor/script-tag-open-redirect.html
Adding LayoutTests/http/tests/security/xssAuditor/script-tag-post-expected.txt
Adding LayoutTests/http/tests/security/xssAuditor/script-tag-post.html
Adding LayoutTests/http/tests/security/xssAuditor/script-tag-redirect-expected.txt
Adding LayoutTests/http/tests/security/xssAuditor/script-tag-redirect.html
Adding LayoutTests/http/tests/security/xssAuditor/script-tag-utf-7-expected.txt
Adding LayoutTests/http/tests/security/xssAuditor/script-tag-utf-7.html
Adding LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-expected.txt
Adding LayoutTests/http/tests/security/xssAuditor/script-tag-with-source.html
Transmitting file data ........................
Committed revision 44977.
These tests failed on Tiger and Windows. I wonder if it has to do with different versions of PHP.
Comment on attachment 31630 [details] Tests! Clearing review flag while we figure this out.
I did eventually get these to stick by converting the server-side parts to Perl.