Fix xssAuditor/form-action.html
Created attachment 82703 [details] Patch
Comment on attachment 82703 [details] Patch That diff looks strange due to the file previously being empty. But looks good.
Comment on attachment 82703 [details] Patch Clearing flags on attachment: 82703 Committed r78780: <http://trac.webkit.org/changeset/78780>
All reviewed patches have been landed. Closing bug.
+ We should block form actions. Although this technically can't be used + to run script, it's a pretty easy vector for stealing passwords. Doesn't the error message get too confusing then? +CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request.
Yep. We should tailor the error message to what was blocked.