summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--webkit/data/layout_tests/platform/chromium-win/LayoutTests/http/tests/security/README5
-rw-r--r--webkit/data/layout_tests/platform/chromium-win/LayoutTests/http/tests/security/xss-eval-expected.txt13
-rw-r--r--webkit/tools/layout_tests/test_lists/win/tests_fixable.txt1
3 files changed, 18 insertions, 1 deletions
diff --git a/webkit/data/layout_tests/platform/chromium-win/LayoutTests/http/tests/security/README b/webkit/data/layout_tests/platform/chromium-win/LayoutTests/http/tests/security/README
index 788b1c3..9f3cf78 100644
--- a/webkit/data/layout_tests/platform/chromium-win/LayoutTests/http/tests/security/README
+++ b/webkit/data/layout_tests/platform/chromium-win/LayoutTests/http/tests/security/README
@@ -24,3 +24,8 @@ cross-frame-access-call-expected.txt
===============================================================
Error message differs because we don't have window.openDatabase.
The error message from showModalDialog is more sane than the layout tests expect.
+
+xss-eval-expected.txt
+===============================================================
+Differs only in error message. LayoutTest expects an EvalError where we detect
+and report an xss attempt.
diff --git a/webkit/data/layout_tests/platform/chromium-win/LayoutTests/http/tests/security/xss-eval-expected.txt b/webkit/data/layout_tests/platform/chromium-win/LayoutTests/http/tests/security/xss-eval-expected.txt
new file mode 100644
index 0000000..bc4157c
--- /dev/null
+++ b/webkit/data/layout_tests/platform/chromium-win/LayoutTests/http/tests/security/xss-eval-expected.txt
@@ -0,0 +1,13 @@
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/xss-eval3.html from frame with URL http://127.0.0.1:8000/security/xss-eval.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/xss-eval3.html from frame with URL http://127.0.0.1:8000/security/xss-eval.html. Domains, protocols and ports must match.
+
+This page verifies that you can't use eval to subvert cross-domain checks.
+
+If the test passes, you'll see a pass message below.
+
+PASS: eval.call(frames[0], 'document') should be EvalError and is.
+PASS: childEval.call(frames[0], 'document') should be EvalError and is.
+PASS: childEvalCaller('document') should be TypeError and is.
+FAIL: childLocalEvalCaller('document') should be EvalError but instead is undefined.
+
diff --git a/webkit/tools/layout_tests/test_lists/win/tests_fixable.txt b/webkit/tools/layout_tests/test_lists/win/tests_fixable.txt
index 8f38b12..11d9575 100644
--- a/webkit/tools/layout_tests/test_lists/win/tests_fixable.txt
+++ b/webkit/tools/layout_tests/test_lists/win/tests_fixable.txt
@@ -724,7 +724,6 @@ LayoutTests/fast/transforms/shadows.html = FAIL
LayoutTests/http/tests/misc/acid3.html = FAIL
LayoutTests/http/tests/security/canvas-remote-read-svg-image.html = FAIL
LayoutTests/http/tests/security/xss-DENIED-synchronous-form.html = FAIL
-LayoutTests/http/tests/security/xss-eval.html = FAIL
LayoutTests/http/tests/xmlhttprequest/access-control-basic-allow-preflight-cache-invalidation-by-method.html = FAIL
LayoutTests/http/tests/xmlhttprequest/xmlhttprequest-no-content-length-onProgress.html = FAIL
LayoutTests/media/progress-event-total.html = FAIL
generated by cgit v1.1 at 2025-03-11 03:06:49 +0000