Bug 26776 - Write more XSSAuditor tests
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc.
Version: 528+ (Nightly build)
Hardware: All All
Importance: P2 Normal
Assignee: Nobody
 
Reported: 2009-06-27 16:17 PDT by Daniel Bates
Modified: 2009-09-28 22:15 PDT

Attachments
More test cases (25.34 KB, patch)
2009-06-27 16:38 PDT, Daniel Bates
abarth: review-
More test cases (24.79 KB, patch)
2009-06-27 16:57 PDT, Daniel Bates
no flags
More test cases (24.78 KB, patch)
2009-06-27 17:16 PDT, Daniel Bates
abarth: review+

Description Daniel Bates 2009-06-27 16:17:04 PDT
Additional test cases adapted from http://webblaze.org/dbates/.

+++ This bug was initially created as a clone of Bug #26589 +++

I kind of skimped on the XSSAuditor test in the first patch.  We should add some more coverage.  Dan Bates has a lot of good test cases here:

http://webblaze.org/dbates/

I'll try to adapt as many of them as possible to the LayoutTest framework.
Comment 1 Daniel Bates 2009-06-27 16:38:14 PDT
Created attachment 31981
More test cases

More test cases for XSSAuditor. Adapted from my collection at http://webblaze.org/dbates/.
Comment 2 Adam Barth 2009-06-27 16:49:03 PDT
Comment on attachment 31981
More test cases

Yay!  Tests === the awesome.

> +function getXMLHTTPRequest() {

> +function sendRequest(url, params, HTTPMethod) {

What's the point of these functions?  They don't seem to be used...

> +function sendRequestFromIFrame(url, params, HTTPMethod) {
> +	if (!params || params.length == 0) {
> +		return;
> +	}
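
Review bot: the early `return` under `if (!params || params.length == 0)` is silent, so a test that calls sendRequestFromIFrame without parameters does nothing and the only symptom is missing output. Since this is a test helper, consider reporting the bad call (for example by writing a failure message into the test output) instead of returning quietly.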

Please convert all the tabs to spaces.  (Four space indent.)

> +	var iFrameObj = document.createElement('iframe');
> +	with(iFrameObj) {
> +		id = "_ffiFrame";
> +		height = "1";
> +		width = "1";
> +		style.visibility = "hidden";
> +	}
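
Review bot: inside `with(iFrameObj)`, each bare assignment such as `id = "_ffiFrame"` lands on the frame only if that property already exists on the object; a misspelled name would create a global instead and leave the frame unchanged with no error. Assigning through the object directly (`iFrameObj.id = ...`, `iFrameObj.style.visibility = ...`) makes the target explicit.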

Yuck.  Please don't use |width|.  Just assign the properties of iFrameObj.  (Also, you can use a simpler name, like frame.)
Comment 3 Daniel Bates 2009-06-27 16:57:25 PDT
Created attachment 31982
More test cases

Cleaned up utilities.js.
Comment 4 Adam Barth 2009-06-27 17:01:09 PDT
Comment on attachment 31982
More test cases

I'm just nit picking at this point, but why do you say

> +    with(iFrameObj) {
> +        id = "frame";
> +    }

instead of iFrameObj.id = "frame" ?  The |with| keyword is really slow and unpredictable.

Adam
Comment 5 Daniel Bates 2009-06-27 17:03:52 PDT
Oops. I'll change it and also remove the braces from lines "if (!params || params.length == 0)" and "if (!HTTPMethod)". Then I'll post again.

(In reply to comment #4)
> (From update of attachment 31982)
> I'm just nit picking at this point, but why do you say
> 
> > +    with(iFrameObj) {
> > +        id = "frame";
> > +    }
> 
> instead of iFrameObj.id = "frame" ?  The |with| keyword is really slow and
> unpredictable.
> 
> Adam
> 

Comment 6 Daniel Bates 2009-06-27 17:16:04 PDT
Created attachment 31983
More test cases

Changed utilities.js to conform to coding style guidelines.
Comment 7 Adam Barth 2009-06-27 17:22:46 PDT
Comment on attachment 31983
More test cases

Awesome!  Thanks Dan!
Comment 8 Adam Barth 2009-06-27 17:32:59 PDT
Sending        LayoutTests/ChangeLog
Adding         LayoutTests/http/tests/security/xssAuditor/anchor-url-dom-write-location-expected.txt
Adding         LayoutTests/http/tests/security/xssAuditor/anchor-url-dom-write-location-inline-event-expected.txt
Adding         LayoutTests/http/tests/security/xssAuditor/anchor-url-dom-write-location-inline-event.html
Adding         LayoutTests/http/tests/security/xssAuditor/anchor-url-dom-write-location-javascript-URL-expected.txt
Adding         LayoutTests/http/tests/security/xssAuditor/anchor-url-dom-write-location-javascript-URL.html
Adding         LayoutTests/http/tests/security/xssAuditor/anchor-url-dom-write-location.html
Adding         LayoutTests/http/tests/security/xssAuditor/dom-write-URL-expected.txt
Adding         LayoutTests/http/tests/security/xssAuditor/dom-write-URL.html
Adding         LayoutTests/http/tests/security/xssAuditor/dom-write-innerHTML-expected.txt
Adding         LayoutTests/http/tests/security/xssAuditor/dom-write-innerHTML.html
Adding         LayoutTests/http/tests/security/xssAuditor/dom-write-location-expected.txt
Adding         LayoutTests/http/tests/security/xssAuditor/dom-write-location-inline-event-expected.txt
Adding         LayoutTests/http/tests/security/xssAuditor/dom-write-location-inline-event.html
Adding         LayoutTests/http/tests/security/xssAuditor/dom-write-location-javascript-URL-expected.txt
Adding         LayoutTests/http/tests/security/xssAuditor/dom-write-location-javascript-URL.html
Adding         LayoutTests/http/tests/security/xssAuditor/dom-write-location.html
Adding         LayoutTests/http/tests/security/xssAuditor/faux-script1-expected.txt
Adding         LayoutTests/http/tests/security/xssAuditor/faux-script1.html
Adding         LayoutTests/http/tests/security/xssAuditor/faux-script2-expected.txt
Adding         LayoutTests/http/tests/security/xssAuditor/faux-script2.html
Adding         LayoutTests/http/tests/security/xssAuditor/faux-script3-expected.txt
Adding         LayoutTests/http/tests/security/xssAuditor/faux-script3.html
Adding         LayoutTests/http/tests/security/xssAuditor/get-from-iframe-expected.txt
Adding         LayoutTests/http/tests/security/xssAuditor/get-from-iframe.html
Adding         LayoutTests/http/tests/security/xssAuditor/malformed-HTML-expected.txt
Adding         LayoutTests/http/tests/security/xssAuditor/malformed-HTML.html
Adding         LayoutTests/http/tests/security/xssAuditor/post-from-iframe-expected.txt
Adding         LayoutTests/http/tests/security/xssAuditor/post-from-iframe.html
Adding         LayoutTests/http/tests/security/xssAuditor/resources/anchor-url-dom-write-location-click.html
Adding         LayoutTests/http/tests/security/xssAuditor/resources/echo-dom-write-URL.html
Adding         LayoutTests/http/tests/security/xssAuditor/resources/echo-dom-write-innerHTML.html
Adding         LayoutTests/http/tests/security/xssAuditor/resources/echo-dom-write-location.html
Adding         LayoutTests/http/tests/security/xssAuditor/resources/utilities.js
Transmitting file data ..................................
Committed revision 45314.