1CONSOLE MESSAGE: line 3: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-property.pl?clutter=5xyzblah&q=%22%20onload=alert(1)-%22' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
1CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?inHead=1&q=%3Cframeset%3E%3Cframe%20src='data:text/html,%3Cscript%3Ealert(0)%3C/script%3E'%3E%3C/frameset%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
Issue 23441066: XSSAuditor bypass with frameset tags.
(Closed)
Created 7 years, 3 months ago by Tom Sepez
Modified 7 years, 3 months ago
Reviewers: abarth-chromium
Base URL: svn://svn.chromium.org/blink/trunk
Comments: 2
Chromium Code Reviews
Issue 23441066:
XSSAuditor bypass with frameset tags. (Closed)
Base URL: svn://svn.chromium.org/blink/trunk