XSSAuditor should strip formaction attributes from input and button elements.
[WebKit-https.git] / LayoutTests / ChangeLog
index eeae1ac..fb2bd15 100644 (file)
@@ -1,3 +1,17 @@
+2013-02-28  Mike West  <mkwst@chromium.org>
+
+        XSSAuditor should strip formaction attributes from input and button elements.
+        https://bugs.webkit.org/show_bug.cgi?id=110975
+
+        Reviewed by Daniel Bates.
+
+        * http/tests/security/xssAuditor/formaction-on-button-expected.txt: Added.
+        * http/tests/security/xssAuditor/formaction-on-button.html: Added.
+        * http/tests/security/xssAuditor/formaction-on-input-expected.txt: Added.
+        * http/tests/security/xssAuditor/formaction-on-input.html: Added.
+        * http/tests/security/xssAuditor/resources/echo-intertag.pl:
+            Support 'showFormaction' as a new option to write out formaction values.
+
 2013-02-28  Takashi Toyoshima  <toyoshim@chromium.org>
 
         Unreviewed gardening, clean up expectations to remove lint errors #1.