blob: 7ffdf52eb9412e7b7b3847370d8af45dd71a009c [file] [log] [blame]
<!DOCTYPE html>
<html>
<head>
<script>
if (window.testRunner) {
testRunner.dumpAsText();
testRunner.setXSSAuditorEnabled(true);
}
</script>
</head>
<body>
<p>Tests that 'Content-Security-Policy: reflected-xss filter;' enables the XSSAuditor.
This test passes if a console message is generated, and the script is blocked.</p>
<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?csp=filter&amp;q=<script>alert(String.fromCharCode(0x58,0x53,0x53))</script>"></iframe>
</body>
</html>