diff options
| author | olehougaard@google.com <olehougaard@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2008-11-17 12:16:40 +0000 |
|---|---|---|
| committer | olehougaard@google.com <olehougaard@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2008-11-17 12:16:40 +0000 |
| commit | 0c4bfbd9655bc99c0fd92f6476c3c2915cca0004 (patch) | |
| tree | cec60a795feb87db1838fba7e1a684522bb5afb4 /webkit | |
| parent | 7b4802fc31fbb0daf8e67cf838e46acd9c23fbaa (diff) | |
| download | chromium_src-0c4bfbd9655bc99c0fd92f6476c3c2915cca0004.zip chromium_src-0c4bfbd9655bc99c0fd92f6476c3c2915cca0004.tar.gz chromium_src-0c4bfbd9655bc99c0fd92f6476c3c2915cca0004.tar.bz2 | |
Rebaselining xss-eval test to match our error reporting.
Review URL: http://codereview.chromium.org/11403
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@5558 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'webkit')
3 files changed, 18 insertions, 1 deletions
diff --git a/webkit/data/layout_tests/platform/chromium-win/LayoutTests/http/tests/security/README b/webkit/data/layout_tests/platform/chromium-win/LayoutTests/http/tests/security/README index 788b1c3..9f3cf78 100644 --- a/webkit/data/layout_tests/platform/chromium-win/LayoutTests/http/tests/security/README +++ b/webkit/data/layout_tests/platform/chromium-win/LayoutTests/http/tests/security/README @@ -24,3 +24,8 @@ cross-frame-access-call-expected.txt =============================================================== Error message differs because we don't have window.openDatabase. The error message from showModalDialog is more sane than the layout tests expect. + +xss-eval-expected.txt +=============================================================== +Differs only in error message. LayoutTest expects an EvalError where we detect +and report an xss attempt. diff --git a/webkit/data/layout_tests/platform/chromium-win/LayoutTests/http/tests/security/xss-eval-expected.txt b/webkit/data/layout_tests/platform/chromium-win/LayoutTests/http/tests/security/xss-eval-expected.txt new file mode 100644 index 0000000..bc4157c --- /dev/null +++ b/webkit/data/layout_tests/platform/chromium-win/LayoutTests/http/tests/security/xss-eval-expected.txt @@ -0,0 +1,13 @@ +CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/xss-eval3.html from frame with URL http://127.0.0.1:8000/security/xss-eval.html. Domains, protocols and ports must match. + +CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/xss-eval3.html from frame with URL http://127.0.0.1:8000/security/xss-eval.html. Domains, protocols and ports must match. + +This page verifies that you can't use eval to subvert cross-domain checks. + +If the test passes, you'll see a pass message below. + +PASS: eval.call(frames[0], 'document') should be EvalError and is. +PASS: childEval.call(frames[0], 'document') should be EvalError and is. +PASS: childEvalCaller('document') should be TypeError and is. +FAIL: childLocalEvalCaller('document') should be EvalError but instead is undefined. + diff --git a/webkit/tools/layout_tests/test_lists/win/tests_fixable.txt b/webkit/tools/layout_tests/test_lists/win/tests_fixable.txt index 8f38b12..11d9575 100644 --- a/webkit/tools/layout_tests/test_lists/win/tests_fixable.txt +++ b/webkit/tools/layout_tests/test_lists/win/tests_fixable.txt @@ -724,7 +724,6 @@ LayoutTests/fast/transforms/shadows.html = FAIL LayoutTests/http/tests/misc/acid3.html = FAIL LayoutTests/http/tests/security/canvas-remote-read-svg-image.html = FAIL LayoutTests/http/tests/security/xss-DENIED-synchronous-form.html = FAIL -LayoutTests/http/tests/security/xss-eval.html = FAIL LayoutTests/http/tests/xmlhttprequest/access-control-basic-allow-preflight-cache-invalidation-by-method.html = FAIL LayoutTests/http/tests/xmlhttprequest/xmlhttprequest-no-content-length-onProgress.html = FAIL LayoutTests/media/progress-event-total.html = FAIL |