| CONSOLE ERROR: Error parsing header X-XSS-Protection: 1; report=http://localhost:8080/security/contentSecurityPolicy/resources/save-report.php?test=report-script-tag.html: reporting URL is not same scheme, host, and port as page at character position 10. The default protections will be applied. |
| CONSOLE ERROR: line 4: The XSS Auditor blocked access to 'http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?test=report-script-tag.html&echo-report=1&enable-report-cross-origin=1&q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E%3Cp%3EIf%20you%20see%20this%20message,%20no%20JavaScript%20alert(),%20and%20not%20dump%20of%20a%20report%20is%20displayed%20below,%20then%20the%20test%20PASSED.%3C/p%3E' because the source code of a script was found within the request. The server sent an 'X-XSS-Protection' header requesting this behavior. |
| This tests that the X-XSS-Protection reports are sent out properly |
| |
| |
| |
| -------- |
| Frame: 'frame' |
| -------- |
| Could not load the requested resource. |
| Error code: -28 (net::ERR_BLOCKED_BY_XSS_AUDITOR) |
