XSSAuditor::decodedSnippetForJavaScript stopping when comma encountered.
[WebKit-https.git] / LayoutTests / http / tests / security / xssAuditor / script-tag-with-actual-comma.html
1 <!DOCTYPE html>
2 <html>
3 <head>
4 <script>
5 if (window.testRunner) {
6   testRunner.dumpAsText();
7   testRunner.setXSSAuditorEnabled(true);
8 }
9 </script>
10 </head>
11 <body>
12 <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<script>/**/0,0/*,*/-alert(0)</script>">
13 </iframe>
14 <p>Test that the XSSAuditor's tolerance for the IIS webserver's comma concatenation doesn't open holes when the reflected argument
15 contains an actual comma. The test passes if the XSSAuditor logs console messages and no alerts fire.</p>
16 </body>
17 </html>