WebKit Bugzilla
RESOLVED FIXED
26776
Write more XSSAuditor tests
https://bugs.webkit.org/show_bug.cgi?id=26776
Daniel Bates
Reported
2009-06-27 16:17:04 PDT
Additional test cases adapted from http://webblaze.org/dbates/.
+++ This bug was initially created as a clone of Bug #26589 +++
I kind of skimped on the XSSAuditor test in the first patch. We should add some more coverage. Dan Bates has a lot of good test cases here: http://webblaze.org/dbates/
I'll try to adapt as many of them as possible to the LayoutTest framework.
Attachments
More test cases (25.34 KB, patch), 2009-06-27 16:38 PDT, Daniel Bates, abarth: review-
More test cases (24.79 KB, patch), 2009-06-27 16:57 PDT, Daniel Bates, no flags
More test cases (24.78 KB, patch), 2009-06-27 17:16 PDT, Daniel Bates, abarth: review+
Daniel Bates
Comment 1
2009-06-27 16:38:14 PDT
Created attachment 31981: More test cases
More test cases for XSSAuditor. Adapted from my collection at http://webblaze.org/dbates/.
Adam Barth
Comment 2
2009-06-27 16:49:03 PDT
Comment on attachment 31981: More test cases
Yay! Tests === the awesome.
> +function getXMLHTTPRequest() {
> +function sendRequest(url, params, HTTPMethod) {
What's the point of these functions? They don't seem to be used...
> +function sendRequestFromIFrame(url, params, HTTPMethod) { > + if (!params || params.length == 0) { > + return; > + }
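Review bot: the early `return` on `!params || params.length == 0` makes sendRequestFromIFrame a silent no-op, so a test that forgets to pass its parameters sends no request at all and the mistake shows up only as a missing result. Consider writing a message into the test output before returning, or dropping the guard if a request without parameters is legitimate.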
Please convert all the tabs to spaces. (Four space indent.)
> + var iFrameObj = document.createElement('iframe'); > + with(iFrameObj) { > + id = "_ffiFrame"; > + height = "1"; > + width = "1"; > + style.visibility = "hidden"; > + }
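Review bot: the fixed `id = "_ffiFrame"` gives every iframe created here the same id, so a test that creates two of them ends up with duplicate ids and a later lookup by id finds only the first. If the id is needed at all, take it from the caller or a counter; otherwise drop it and keep a reference to the element.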
Yuck. Please don't use |width|. Just assign the properties of iFrameObj. (Also, you can use a simpler name, like frame.)
Daniel Bates
Comment 3
2009-06-27 16:57:25 PDT
Created attachment 31982: More test cases
Cleaned up utilities.js.
Adam Barth
Comment 4
2009-06-27 17:01:09 PDT
Comment on attachment 31982: More test cases
I'm just nitpicking at this point, but why do you say
> + with(iFrameObj) { > + id = "frame"; > + }
instead of iFrameObj.id = "frame" ? The |with| keyword is really slow and unpredictable.
Adam
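An added illustration of the `with` remark in comment 4 (not part of the original thread or of the committed utilities.js): inside `with`, a misspelled property name does not fail, it silently becomes a global, while direct assignment touches only the element. The plain object standing in for the iframe, the typo `widht`, and all function names are assumptions made for this example.

```javascript
// Constructed stand-in for an iframe element so the example runs outside a
// browser; it has only the properties the quoted helper assigns.
function makeFakeFrame() {
    return { id: "", height: "", width: "", style: { visibility: "" } };
}

// Function-constructor bodies are non-strict, so `with` is permitted here even
// if the surrounding file is strict or an ES module.
const configureWithWith = new Function("frame", `
    with (frame) {
        id = "frame";
        height = "1";
        widht = "1";                 // typo: not a property of frame
        style.visibility = "hidden";
    }
`);

// The form the reviewer asks for: every assignment names its target.
function configureDirect(frame) {
    frame.id = "frame";
    frame.height = "1";
    frame.width = "1";
    frame.style.visibility = "hidden";
    return frame;
}

// Runs both variants and reports where the values ended up.
function compareAssignments() {
    const viaWith = makeFakeFrame();
    configureWithWith(viaWith);

    // The typo was resolved past the frame object and landed on the global.
    const leaked = Object.prototype.hasOwnProperty.call(globalThis, "widht");
    const leakedValue = globalThis.widht;
    delete globalThis.widht;         // clean up the accidental global

    const direct = configureDirect(makeFakeFrame());
    return {
        withId: viaWith.id,          // existing properties are set as intended
        withWidth: viaWith.width,    // still empty: the typo never reached it
        leaked,
        leakedValue,
        directWidth: direct.width,
    };
}
```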
Daniel Bates
Comment 5
2009-06-27 17:03:52 PDT
Oops. I'll change it and also remove the braces from lines "if (!params || params.length == 0)" and "if (!HTTPMethod)". Then I'll post again.
(In reply to comment #4)
> (From update of
attachment 31982
[details]
[review]) > I'm just nit picking at this point, but why do you say > > > + with(iFrameObj) { > > + id = "frame"; > > + } > > instead of iFrameObj.id = "frame" ? The |with| keyword is really slow and > unpredictable. > > Adam >
Daniel Bates
Comment 6
2009-06-27 17:16:04 PDT
Created attachment 31983: More test cases
Changed utilities.js to conform to coding style guidelines.
Adam Barth
Comment 7
2009-06-27 17:22:46 PDT
Comment on attachment 31983: More test cases
Awesome! Thanks Dan!
Adam Barth
Comment 8
2009-06-27 17:32:59 PDT
Sending LayoutTests/ChangeLog
Adding LayoutTests/http/tests/security/xssAuditor/anchor-url-dom-write-location-expected.txt
Adding LayoutTests/http/tests/security/xssAuditor/anchor-url-dom-write-location-inline-event-expected.txt
Adding LayoutTests/http/tests/security/xssAuditor/anchor-url-dom-write-location-inline-event.html
Adding LayoutTests/http/tests/security/xssAuditor/anchor-url-dom-write-location-javascript-URL-expected.txt
Adding LayoutTests/http/tests/security/xssAuditor/anchor-url-dom-write-location-javascript-URL.html
Adding LayoutTests/http/tests/security/xssAuditor/anchor-url-dom-write-location.html
Adding LayoutTests/http/tests/security/xssAuditor/dom-write-URL-expected.txt
Adding LayoutTests/http/tests/security/xssAuditor/dom-write-URL.html
Adding LayoutTests/http/tests/security/xssAuditor/dom-write-innerHTML-expected.txt
Adding LayoutTests/http/tests/security/xssAuditor/dom-write-innerHTML.html
Adding LayoutTests/http/tests/security/xssAuditor/dom-write-location-expected.txt
Adding LayoutTests/http/tests/security/xssAuditor/dom-write-location-inline-event-expected.txt
Adding LayoutTests/http/tests/security/xssAuditor/dom-write-location-inline-event.html
Adding LayoutTests/http/tests/security/xssAuditor/dom-write-location-javascript-URL-expected.txt
Adding LayoutTests/http/tests/security/xssAuditor/dom-write-location-javascript-URL.html
Adding LayoutTests/http/tests/security/xssAuditor/dom-write-location.html
Adding LayoutTests/http/tests/security/xssAuditor/faux-script1-expected.txt
Adding LayoutTests/http/tests/security/xssAuditor/faux-script1.html
Adding LayoutTests/http/tests/security/xssAuditor/faux-script2-expected.txt
Adding LayoutTests/http/tests/security/xssAuditor/faux-script2.html
Adding LayoutTests/http/tests/security/xssAuditor/faux-script3-expected.txt
Adding LayoutTests/http/tests/security/xssAuditor/faux-script3.html
Adding LayoutTests/http/tests/security/xssAuditor/get-from-iframe-expected.txt
Adding LayoutTests/http/tests/security/xssAuditor/get-from-iframe.html
Adding LayoutTests/http/tests/security/xssAuditor/malformed-HTML-expected.txt
Adding LayoutTests/http/tests/security/xssAuditor/malformed-HTML.html
Adding LayoutTests/http/tests/security/xssAuditor/post-from-iframe-expected.txt
Adding LayoutTests/http/tests/security/xssAuditor/post-from-iframe.html
Adding LayoutTests/http/tests/security/xssAuditor/resources/anchor-url-dom-write-location-click.html
Adding LayoutTests/http/tests/security/xssAuditor/resources/echo-dom-write-URL.html
Adding LayoutTests/http/tests/security/xssAuditor/resources/echo-dom-write-innerHTML.html
Adding LayoutTests/http/tests/security/xssAuditor/resources/echo-dom-write-location.html
Adding LayoutTests/http/tests/security/xssAuditor/resources/utilities.js
Transmitting file data ..................................
Committed revision 45314.