XSSAuditor should strip formaction attributes from input and button elements.
[WebKit-https.git] / LayoutTests / http / tests / security / xssAuditor / resources / echo-intertag.pl
index 93ece45..c6139b4 100755 (executable)
@@ -97,6 +97,13 @@ if ($cgi->param('showAction')) {
     print "    alert('Form action set to ' + document.forms[0].action);\n";
     print "</script>\n";
 }
+if ($cgi->param('showFormaction')) {
+    print "<script>\n";
+    print "    var e = document.querySelector('[formaction]');\n";
+    print "    if (e)\n";
+    print "        alert('formaction present on ' + e.nodeName + ' with value of ' + e.getAttribute('formaction'));\n";
+    print "</script>\n";
+}
 if ($cgi->param('notifyDone')) {
     print "<script>\n";
     print "if (window.testRunner)\n";