XSS Auditor bypass via svg tags and xlink:href
[WebKit-https.git] / LayoutTests / http / tests / security / xssAuditor / svg-script-tag.html
1 <!DOCTYPE html>
2 <html>
3 <head>
4 <script>
5 if (window.testRunner) {
6   testRunner.dumpAsText();
7   testRunner.setXSSAuditorEnabled(true);
8 }
9 </script>
10 </head>
11 <body>
12 <iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3csvg%3e%3cscript%20XLinK:href='data:text/html,alert(0)'%3e%3c/script%3e%3c/svg%3e">
13 </iframe>
14 </body>
15 </html>