blob: f024d5aa03257853af4d646ae35f7245963ffe52 [file] [log] [blame]
<!DOCTYPE html>
<html>
<head>
<script>
if (window.testRunner) {
testRunner.dumpAsText();
testRunner.setXSSAuditorEnabled(true);
}
</script>
</head>
<body>
<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?clutter=<div><i>x</i></div>&q=<svg><script><!--&q2=-->%26%23x0a%3balert%26%23x28%3bString.fromCharCode(0x58,0x53,0x53))</script></svg>">
</iframe>
Ensures HTML entities are recognized in script blocks in a context where CDATA is allowed even with &lt;!-- comments --&gt;.
</body>
</html>