<!DOCTYPE html>
<html>
<head>
<script>
if (window.testRunner) {
    testRunner.dumpAsText();
    testRunner.setXSSAuditorEnabled(true);
}
</script>
</head>
<body>
<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=<script>/**/0,0/*,*/-alert(0)</script>">
</iframe>
<p>Test that the XSSAuditor's tolerance for the IIS webserver's comma concatenation doesn't open holes when the reflected argument
contains an actual comma. The test passes if the XSSAuditor logs console messages and no alerts fire.</p>
</body>
</html>