blob: 87c4645fc252d82bfd85d5c65bb8888b84eb8b28 [file] [log] [blame]
CONSOLE MESSAGE: line 5: The XSS Auditor refused to execute a script in 'http://127.0.0.1:8000/security/xssAuditor/resources/nph-cached.pl?q=%3cscript%3ealert(/XSS/);%3c/script%3e' because its source code was found within the request. The server sent an 'X-XSS-Protection' header requesting this behavior.
CONSOLE MESSAGE: line 5: The XSS Auditor refused to execute a script in 'http://127.0.0.1:8000/security/xssAuditor/resources/nph-cached.pl?q=%3cscript%3ealert(/XSS/);%3c/script%3e' because its source code was found within the request. The server sent an 'X-XSS-Protection' header requesting this behavior.
Check that an X-XSS-Protection header added by a 304 response does not override one from the original request.
On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
Two console messages should be generated, noting that JavaScript was blocked.
Check that the nonce is the same, meaning that the document was only generated once:
PASS frame1.contentDocument.querySelector("input").value == frame2.contentDocument.querySelector("input").value is true
PASS successfullyParsed is true
TEST COMPLETE