blob: f2082fb9e02c107a9bea2492924a484378a4db72 [file] [log] [blame]
<!DOCTYPE html>
<html>
<head>
<script>
if (window.testRunner) {
testRunner.dumpAsText();
testRunner.setXSSAuditorEnabled(true);
}
</script>
</head>
<body>
<p>This test fails because the XSSAuditor allows requests that do not contain illegal URI characters. Thus,
the XSSAuditor does not detect the injection of an inline event handler within a tag. A future update may
reinstate this functionality.</p>
<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-inner-tag.pl?q=onload=alert(String.fromCharCode(0x58,0x53,0x53))">
</iframe>
</body>
</html>