Support X-XSS-Protection: report=URL header syntax in XSSAuditor.
[WebKit-https.git] / LayoutTests / http / tests / security / xssAuditor / malformed-xss-protection-header-5.html
1 <!DOCTYPE html>
2 <html>
3 <head>
4 <script src="http://localhost:8000/security/xssAuditor/resources/utilities.js"></script>
5 <script>
6 if (window.testRunner) {
7     testRunner.dumpAsText();
8     testRunner.dumpChildFramesAsText();
9     testRunner.waitUntilDone();
10     testRunner.setXSSAuditorEnabled(true);
11 }
12 </script>
13 </head>
14 <body>
15 <p>This tests that the X-XSS-Protection header is not ignored when there is an incomplete report url following mode=block, and we issue an error</p>
16 <iframe id="frame" onload="checkIfFrameLocationMatchesURLAndCallDone('frame', 'about:blank')" src="http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?notifyDone=1&malformed-header=5&q=<script>alert(String.fromCharCode(0x58,0x53,0x53))</script><p>If you see this message and no JavaScript alert() then the test PASSED.</p>">
17 </iframe>
18 </body>
19 </html>