2009-09-21 Adam Barth <abarth@webkit.org>
authorabarth@webkit.org <abarth@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 22 Sep 2009 04:57:10 +0000 (04:57 +0000)
committerabarth@webkit.org <abarth@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 22 Sep 2009 04:57:10 +0000 (04:57 +0000)
        Reviewed by Alexey Proskuryakov.

        add a layout test for mishandling of an invalid sequence in multibyte
        encodings
        https://bugs.webkit.org/show_bug.cgi?id=27395

        * fast/encoding/invalid-multi-byte-over-consumption-expected.txt: Added.
        * fast/encoding/invalid-multi-byte-over-consumption.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@48618 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/fast/encoding/invalid-multi-byte-over-consumption-expected.txt [new file with mode: 0644]
LayoutTests/fast/encoding/invalid-multi-byte-over-consumption.html [new file with mode: 0644]

index c8b5879..2be4070 100644 (file)
@@ -1,3 +1,14 @@
+2009-09-21  Adam Barth  <abarth@webkit.org>
+
+        Reviewed by Alexey Proskuryakov.
+
+        add a layout test for mishandling of an invalid sequence in multibyte
+        encodings
+        https://bugs.webkit.org/show_bug.cgi?id=27395
+
+        * fast/encoding/invalid-multi-byte-over-consumption-expected.txt: Added.
+        * fast/encoding/invalid-multi-byte-over-consumption.html: Added.
+
 2009-09-21  Brian Weinstein  <bweinstein@apple.com>
 
         Reviewed by Sam Weinig.
diff --git a/LayoutTests/fast/encoding/invalid-multi-byte-over-consumption-expected.txt b/LayoutTests/fast/encoding/invalid-multi-byte-over-consumption-expected.txt
new file mode 100644 (file)
index 0000000..4d542ab
--- /dev/null
@@ -0,0 +1,4 @@
+Test if an invalid multi-byte sequence is onverconsumed leading to an XSS vector
+
+ABCD" onchange="test='Failed'" using malformed byte sequence 0x83 0x22
+Passed
diff --git a/LayoutTests/fast/encoding/invalid-multi-byte-over-consumption.html b/LayoutTests/fast/encoding/invalid-multi-byte-over-consumption.html
new file mode 100644 (file)
index 0000000..60d7f0c
--- /dev/null
@@ -0,0 +1,34 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=Shift_JIS">
+<script>
+if (window.layoutTestController)
+    layoutTestController.dumpAsText();
+
+var test = "Passed";
+
+function runTest() {
+    var t = document.getElementById("input1");
+    if (document.all)  {  
+        t.fireEvent("onchange");  
+    } else {  
+        var evt = document.createEvent("HTMLEvents");  
+        evt.initEvent("change",true,true);  
+        t.dispatchEvent(evt);  
+    }
+    var r = document.getElementById("result");
+
+    if (test=="Passed")
+        r.innerHTML = "Passed";
+    else
+        r.innerHTML = "Failed";
+}
+</script>
+</head>
+<body onload="runTest();">
+<p>Test if an invalid multi-byte sequence is onverconsumed leading to an
+XSS vector</p>
+<input id="input1" src="" type="xss�">ABCD" onchange="test='Failed'" using malformed byte sequence 0x83 0x22<br>
+<div id="result"></div>
+</body>