26589 – Write more XSSAuditor tests

Bug 26589 - Write more XSSAuditor tests

Summary: Write more XSSAuditor tests

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	WebCore Misc. (show other bugs)
Version:	528+ (Nightly build)
Hardware:	All All

Importance:	P2 Normal
Assignee:	Nobody

URL:
Keywords:

Depends on:
Blocks:

Reported:	2009-06-21 14:40 PDT by Adam Barth
Modified:	2009-06-27 08:48 PDT (History)
CC List:	2 users (show)

See Also:

Attachments
Tests! (20.20 KB, patch) 2009-06-21 19:48 PDT, Adam Barth	no flags	Details \| Formatted Diff \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Adam Barth 2009-06-21 14:40:19 PDT

I kind of skimped on the XSSAuditor test in the first patch.  We should add some more coverage.  Dan Bates has a lot of good test cases here:

http://webblaze.org/dbates/

I'll try to adapt as many of them as possible to the LayoutTest framework.

Comment 1 Adam Barth 2009-06-21 19:48:02 PDT

Created attachment 31630 [details]
Tests!

Here's a bunch of new tests.  I didn't do everything on Dan's page.  We can do another round at some point.

Comment 2 Adam Barth 2009-06-23 00:25:40 PDT

Sending        LayoutTests/ChangeLog
Adding         LayoutTests/http/tests/security/xssAuditor/link-onclick-expected.txt
Adding         LayoutTests/http/tests/security/xssAuditor/link-onclick.html
Adding         LayoutTests/http/tests/security/xssAuditor/property-escape-expected.txt
Adding         LayoutTests/http/tests/security/xssAuditor/property-escape.html
Adding         LayoutTests/http/tests/security/xssAuditor/resources/echo-intertag-post-and-
notify.php
Adding         LayoutTests/http/tests/security/xssAuditor/resources/echo-intertag-post.php
Adding         LayoutTests/http/tests/security/xssAuditor/resources/echo-intertag-utf-7.php
Sending        LayoutTests/http/tests/security/xssAuditor/resources/echo-intertag.php
Adding         LayoutTests/http/tests/security/xssAuditor/resources/echo-property.php
Adding         LayoutTests/http/tests/security/xssAuditor/resources/redir.php
Adding         LayoutTests/http/tests/security/xssAuditor/resources/xss.js
Adding         LayoutTests/http/tests/security/xssAuditor/script-tag-convoluted-expected.tx
t
Adding         LayoutTests/http/tests/security/xssAuditor/script-tag-convoluted.html
Adding         LayoutTests/http/tests/security/xssAuditor/script-tag-open-redirect-expected
.txt
Adding         LayoutTests/http/tests/security/xssAuditor/script-tag-open-redirect.html
Adding         LayoutTests/http/tests/security/xssAuditor/script-tag-post-expected.txt
Adding         LayoutTests/http/tests/security/xssAuditor/script-tag-post.html
Adding         LayoutTests/http/tests/security/xssAuditor/script-tag-redirect-expected.txt
Adding         LayoutTests/http/tests/security/xssAuditor/script-tag-redirect.html
Adding         LayoutTests/http/tests/security/xssAuditor/script-tag-utf-7-expected.txt
Adding         LayoutTests/http/tests/security/xssAuditor/script-tag-utf-7.html
Adding         LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-expected.txt
Adding         LayoutTests/http/tests/security/xssAuditor/script-tag-with-source.html
Transmitting file data ........................
Committed revision 44977.

Comment 3 Adam Barth 2009-06-23 00:49:34 PDT

These test failed on Tiger and Windows.  I wonder if it has to do with different versions of PHP.

Comment 4 Adam Barth 2009-06-23 00:49:53 PDT

Comment on attachment 31630 [details]
Tests!

Clearing review flag while we figure this out.

Comment 5 Adam Barth 2009-06-27 08:48:26 PDT

I did eventually get these to stick by converting the server-side parts to Perl.