Chrome 21.0.1180.57 beta has false positives for URLs containing %3Ciframe%20src=%22 as a query parameter.
... and for which the page naturally contains an <iframe ... src="">
Created attachment 158652 [details] Test cases
Created attachment 171933 [details] Patch Might as well take care of this one while I'm active in the XSSAuditor.
Comment on attachment 171933 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=171933&action=review > LayoutTests/http/tests/security/xssAuditor/iframe-injection-allowed.html:7 > + testRunner.dumpAsText(); > + testRunner.setXSSAuditorEnabled(true); nit: four-space indent.
Comment on attachment 171933 [details] Patch Clearing flags on attachment: 171933 Committed r133249: <http://trac.webkit.org/changeset/133249>
All reviewed patches have been landed. Closing bug.