XSSAuditor should strip formaction attributes from input and button elements.
[WebKit-https.git] / LayoutTests / http / tests / security / xssAuditor / formaction-on-input.html
1 <!DOCTYPE html>
2 <html>
3 <head>
4     <script>
5         if (window.testRunner) {
6             testRunner.dumpAsText();
7             testRunner.waitUntilDone();
8             testRunner.setXSSAuditorEnabled(true);
9         }
10     </script>
11 </head>
12 <body>
13     <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<form><input%20formaction='http://example.com/'>&notifyDone=1&showFormaction=1"></iframe>
14 </body>
15 </html>
16