Add a test case for crbug.com/2074:

DBCS invalid multi-byte over-consumptionleads to XSS vectors http://codereview.chromium.org/15059/show patch by xiaolu@chromium.org Bug=5271 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@7528 0039d316-1c4b-4281-b951-d872f2087c98
author: jungshik@google.com <jungshik@google.com@0039d316-1c4b-4281-b951-d872f2087c98> 2008-12-31 08:52:40 +0000
committer: jungshik@google.com <jungshik@google.com@0039d316-1c4b-4281-b951-d872f2087c98> 2008-12-31 08:52:40 +0000
commit: bb66460c2372e1507e7f58f62ea5a09f9b8f5f57 (patch)
tree: b85828f12fb5736537e733c63487f4077a0ed96a
parent: 38ab3bf0e0011f6227a9d703893a838bcafba055 (diff)
download: chromium_src-bb66460c2372e1507e7f58f62ea5a09f9b8f5f57.zip
chromium_src-bb66460c2372e1507e7f58f62ea5a09f9b8f5f57.tar.gz
chromium_src-bb66460c2372e1507e7f58f62ea5a09f9b8f5f57.tar.bz2
2 files changed, 55 insertions, 0 deletions
diff --git a/webkit/data/layout_tests/chrome/fast/encoding/Invalid-multi-byte-over-consumption-expected.txt b/webkit/data/layout_tests/chrome/fast/encoding/Invalid-multi-byte-over-consumption-expected.txt
new file mode 100644
index 0000000..aa7e3aca
--- /dev/null
+++ b/webkit/data/layout_tests/chrome/fast/encoding/Invalid-multi-byte-over-consumption-expected.txt
@@ -0,0 +1,6 @@
+Test if an invalid multi-byte sequence is onverconsumed leading to an XSS vector
+
+ABCD" onchange="test='Failed'" using malformed byte sequence 0x83 0x22
+Passed
+
+
diff --git a/webkit/data/layout_tests/chrome/fast/encoding/Invalid-multi-byte-over-consumption.html b/webkit/data/layout_tests/chrome/fast/encoding/Invalid-multi-byte-over-consumption.html
new file mode 100644
index 0000000..72f1dee
--- /dev/null
+++ b/webkit/data/layout_tests/chrome/fast/encoding/Invalid-multi-byte-over-consumption.html
@@ -0,0 +1,49 @@
+<html>
+<head>
+<meta http-equiv="content-type" content="text/htm; charset=Shift-JIS">
+<script language="javascript">
+	if (window.layoutTestController) 
+	{
+	    layoutTestController.dumpAsText();
+	    layoutTestController.waitUntilDone();
+	}
+	
+	var test = "Passed";
+ 
+	function runTest() 
+	{
+		var t=document.getElementById("input1");
+ 
+		if	(document.all)  
+		{  
+			t.fireEvent("onchange");  
+		}  
+		else  
+		{  
+			var evt = document.createEvent("HTMLEvents");  
+			evt.initEvent("change",true,true);  
+			t.dispatchEvent(evt);  
+		}
+     
+		var r = document.getElementById("result");
+ 
+		if (test=="Passed")
+		{
+			r.innerHTML = "Passed";
+		}
+		else
+		{
+			r.innerHTML = "Failed";
+		}
+	}
+
+	if (window.layoutTestController)
+	    layoutTestController.notifyDone();
+</script>
+</head>
+<body onload="runTest();">
+<p>Test if an invalid multi-byte sequence is onverconsumed leading to an
+XSS vector</p>
+<input id="input1" src="" type="xssƒ">ABCD" onchange="test='Failed'" using malformed byte sequence 0x83 0x22<br>
+<div id="result"></div>
+</body>
+\ No newline at end of file
author	jungshik@google.com <jungshik@google.com@0039d316-1c4b-4281-b951-d872f2087c98>	2008-12-31 08:52:40 +0000
committer	jungshik@google.com <jungshik@google.com@0039d316-1c4b-4281-b951-d872f2087c98>	2008-12-31 08:52:40 +0000
commit	bb66460c2372e1507e7f58f62ea5a09f9b8f5f57 (patch)
tree	b85828f12fb5736537e733c63487f4077a0ed96a
parent	38ab3bf0e0011f6227a9d703893a838bcafba055 (diff)
download	chromium_src-bb66460c2372e1507e7f58f62ea5a09f9b8f5f57.zip chromium_src-bb66460c2372e1507e7f58f62ea5a09f9b8f5f57.tar.gz chromium_src-bb66460c2372e1507e7f58f62ea5a09f9b8f5f57.tar.bz2