Several changes needed to make the XSS in these test cases fire against actual vulnerable browser: - %24 appears in a few places where %23 is required. - Appears webkit's httpd will terminate query parameters at unencoded semicolons ( ; ) - Misordered </svg></script> tags. The tests are still valid, but it is more intuitive to see the XSS pop up.
Created attachment 136937 [details] Patch Only tests modified.
Comment on attachment 136937 [details] Patch Clearing flags on attachment: 136937 Committed r114010: <http://trac.webkit.org/changeset/114010>
All reviewed patches have been landed. Closing bug.