blob: 57a522805e01a920979dd4ab6c3101c60eb545e2 [file] [log] [blame]
<!DOCTYPE html>
<html>
<head>
<script>
if (window.testRunner) {
testRunner.dumpAsText();
testRunner.setXSSAuditorEnabled(true);
}
</script>
</head>
<body>
<p>Tests that 'Content-Security-Policy: reflected-xss invalid' enables the XSSAuditor.
This test passes if a console message is generated, and the script is allowed.</p>
<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?csp=invalid&amp;q=<script>alert(String.fromCharCode(0x58,0x53,0x53))</script>"></iframe>
</body>
</html>