RESOLVED FIXED 26776
Write more XSSAuditor tests
https://bugs.webkit.org/show_bug.cgi?id=26776
Summary Write more XSSAuditor tests
Daniel Bates
Reported 2009-06-27 16:17:04 PDT
Additional test cases adapted from http://webblaze.org/dbates/.

+++ This bug was initially created as a clone of Bug #26589 +++

I kind of skimped on the XSSAuditor test in the first patch. We should add some more coverage. Dan Bates has a lot of good test cases here: http://webblaze.org/dbates/

I'll try to adapt as many of them as possible to the LayoutTest framework.
Attachments
More test cases (25.34 KB, patch)
2009-06-27 16:38 PDT, Daniel Bates
abarth: review-
More test cases (24.79 KB, patch)
2009-06-27 16:57 PDT, Daniel Bates
no flags
More test cases (24.78 KB, patch)
2009-06-27 17:16 PDT, Daniel Bates
abarth: review+
Daniel Bates
Comment 1 2009-06-27 16:38:14 PDT
Created attachment 31981 [details]
More test cases

More test cases for XSSAuditor. Adapted from my collection at http://webblaze.org/dbates/.
Adam Barth
Comment 2 2009-06-27 16:49:03 PDT
Comment on attachment 31981 [details]
More test cases

Yay! Tests === the awesome.

> +function getXMLHTTPRequest() {
> +function sendRequest(url, params, HTTPMethod) {

What's the point of these functions? They don't seem to be used...

> +function sendRequestFromIFrame(url, params, HTTPMethod) {
> + if (!params || params.length == 0) {
> + return;
> + }

Please convert all the tabs to spaces. (Four space indent.)

> + var iFrameObj = document.createElement('iframe');
> + with(iFrameObj) {
> + id = "_ffiFrame";
> + height = "1";
> + width = "1";
> + style.visibility = "hidden";
> + }

Yuck. Please don't use |width|. Just assign the properties of iFrameObj. (Also, you can use a simpler name, like frame.)
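Review bot: in `sendRequestFromIFrame`, the guard `if (!params || params.length == 0) return;` turns the helper into a silent no-op when a test passes no parameters, so a test that builds its payload incorrectly ends without sending the request and gives no hint why. Consider reporting the empty `params` visibly before returning, so the mistake shows up in the test's output instead of as a missing result.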
Daniel Bates
Comment 3 2009-06-27 16:57:25 PDT
Created attachment 31982 [details]
More test cases

Cleaned up utilities.js.
Adam Barth
Comment 4 2009-06-27 17:01:09 PDT
Comment on attachment 31982 [details]
More test cases

I'm just nit picking at this point, but why do you say

> + with(iFrameObj) {
> + id = "frame";
> + }

instead of iFrameObj.id = "frame" ? The |with| keyword is really slow and unpredictable.

Adam
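What "unpredictable" means for the `with` block quoted in the review, as an added example (not code from the patch or from WebKit): an assignment inside `with` only lands on the object if the property already exists there, otherwise it escapes to the global object. Plain objects stand in for the iframe element so it runs outside a browser, and `configureWithWith`, `configureDirect` and `runDemo` are hypothetical names.

```javascript
// `with` is a syntax error in strict mode and ES modules, so the sloppy-mode
// body is compiled through the Function constructor (always non-strict).
const configureWithWith = new Function("frame", `
    with (frame) {
        id = "_ffiFrame";
        height = "1";
        width = "1";
        style.visibility = "hidden";
    }
`);

// The form the reviewer asks for: every write names its target explicitly.
function configureDirect(frame) {
    frame.id = "_ffiFrame";
    frame.height = "1";
    frame.width = "1";
    frame.style.visibility = "hidden";
}

function runDemo() {
    // Constructed stand-ins that have every property except `width`.
    const viaWith = { id: "", height: "", style: {} };
    const viaDirect = { id: "", height: "", style: {} };

    delete globalThis.width;
    configureWithWith(viaWith);
    const leaked = globalThis.width;   // where `width = "1"` really went
    delete globalThis.width;

    configureDirect(viaDirect);
    return {
        withSetWidthOnFrame: "width" in viaWith,
        withLeakedGlobal: leaked,
        directSetWidthOnFrame: viaDirect.width === "1",
        directLeakedGlobal: "width" in globalThis,
    };
}
```

Which scope receives each write depends on the object's property set at run time, which is why the same `with` body can behave differently from one object to the next.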
Daniel Bates
Comment 5 2009-06-27 17:03:52 PDT
Oops. I'll change it and also remove the braces from lines "if (!params || params.length == 0)" and "if (!HTTPMethod)". Then I'll post again.

(In reply to comment #4)
> (From update of attachment 31982 [details] [review])
> I'm just nit picking at this point, but why do you say
>
> > + with(iFrameObj) {
> > + id = "frame";
> > + }
>
> instead of iFrameObj.id = "frame" ? The |with| keyword is really slow and
> unpredictable.
>
> Adam
>
Daniel Bates
Comment 6 2009-06-27 17:16:04 PDT
Created attachment 31983 [details]
More test cases

Changed utilities.js to conform to coding style guidelines.
Adam Barth
Comment 7 2009-06-27 17:22:46 PDT
Comment on attachment 31983 [details]
More test cases

Awesome! Thanks Dan!
Adam Barth
Comment 8 2009-06-27 17:32:59 PDT
Sending LayoutTests/ChangeLog
Adding LayoutTests/http/tests/security/xssAuditor/anchor-url-dom-write-location-expected.txt
Adding LayoutTests/http/tests/security/xssAuditor/anchor-url-dom-write-location-inline-event-expected.txt
Adding LayoutTests/http/tests/security/xssAuditor/anchor-url-dom-write-location-inline-event.html
Adding LayoutTests/http/tests/security/xssAuditor/anchor-url-dom-write-location-javascript-URL-expected.txt
Adding LayoutTests/http/tests/security/xssAuditor/anchor-url-dom-write-location-javascript-URL.html
Adding LayoutTests/http/tests/security/xssAuditor/anchor-url-dom-write-location.html
Adding LayoutTests/http/tests/security/xssAuditor/dom-write-URL-expected.txt
Adding LayoutTests/http/tests/security/xssAuditor/dom-write-URL.html
Adding LayoutTests/http/tests/security/xssAuditor/dom-write-innerHTML-expected.txt
Adding LayoutTests/http/tests/security/xssAuditor/dom-write-innerHTML.html
Adding LayoutTests/http/tests/security/xssAuditor/dom-write-location-expected.txt
Adding LayoutTests/http/tests/security/xssAuditor/dom-write-location-inline-event-expected.txt
Adding LayoutTests/http/tests/security/xssAuditor/dom-write-location-inline-event.html
Adding LayoutTests/http/tests/security/xssAuditor/dom-write-location-javascript-URL-expected.txt
Adding LayoutTests/http/tests/security/xssAuditor/dom-write-location-javascript-URL.html
Adding LayoutTests/http/tests/security/xssAuditor/dom-write-location.html
Adding LayoutTests/http/tests/security/xssAuditor/faux-script1-expected.txt
Adding LayoutTests/http/tests/security/xssAuditor/faux-script1.html
Adding LayoutTests/http/tests/security/xssAuditor/faux-script2-expected.txt
Adding LayoutTests/http/tests/security/xssAuditor/faux-script2.html
Adding LayoutTests/http/tests/security/xssAuditor/faux-script3-expected.txt
Adding LayoutTests/http/tests/security/xssAuditor/faux-script3.html
Adding LayoutTests/http/tests/security/xssAuditor/get-from-iframe-expected.txt
Adding LayoutTests/http/tests/security/xssAuditor/get-from-iframe.html
Adding LayoutTests/http/tests/security/xssAuditor/malformed-HTML-expected.txt
Adding LayoutTests/http/tests/security/xssAuditor/malformed-HTML.html
Adding LayoutTests/http/tests/security/xssAuditor/post-from-iframe-expected.txt
Adding LayoutTests/http/tests/security/xssAuditor/post-from-iframe.html
Adding LayoutTests/http/tests/security/xssAuditor/resources/anchor-url-dom-write-location-click.html
Adding LayoutTests/http/tests/security/xssAuditor/resources/echo-dom-write-URL.html
Adding LayoutTests/http/tests/security/xssAuditor/resources/echo-dom-write-innerHTML.html
Adding LayoutTests/http/tests/security/xssAuditor/resources/echo-dom-write-location.html
Adding LayoutTests/http/tests/security/xssAuditor/resources/utilities.js
Transmitting file data ..................................
Committed revision 45314.