| CONSOLE ERROR: line 5: The XSS Auditor refused to execute a script in 'http://127.0.0.1:8000/security/xssAuditor/resources/nph-cached.pl?q=%3cscript%3ealert(/XSS/);%3c/script%3e' because its source code was found within the request. The server sent an 'X-XSS-Protection' header requesting this behavior. |
| CONSOLE ERROR: line 5: The XSS Auditor refused to execute a script in 'http://127.0.0.1:8000/security/xssAuditor/resources/nph-cached.pl?q=%3cscript%3ealert(/XSS/);%3c/script%3e' because its source code was found within the request. The server sent an 'X-XSS-Protection' header requesting this behavior. |
| Check that an X-XSS-Protection header added by a 304 response does not override one from the original request. |
| |
| On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". |
| |
| Two console messages should be generated, noting that JavaScript was blocked. |
| Check that the nonce is the same, meaning that the document was only generated once: |
| PASS frame1.contentDocument.querySelector("input").value == frame2.contentDocument.querySelector("input").value is true |
| PASS successfullyParsed is true |
| |
| TEST COMPLETE |
| |
| |
