New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 657737 link

Starred by 3 users

Issue metadata

Status: Fixed
Owner:
OOO until 4th
Closed: Feb 2017
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Launch-OWP
Launch-Accessibility: ----
Launch-Exp-Leadership: ----
Launch-Leadership: ----
Launch-Legal: ----
Launch-M-Approved: ----
Launch-M-Target: ----
Launch-Privacy: ----
Launch-Security: ----
Launch-Test: ----
Launch-UI: ----
Rollout-Type: ----



Sign in to add a comment

Deprecate and remove CSP's `reflected-xss` directive.

Project Member Reported by mkwst@chromium.org, Oct 20 2016

Issue description

Early drafts of CSP2 contained a `reflected-xss` directive, which is little more than syntactic sugar for the `X-XSS-Protection` header. It offered no additional functionality beyond that header, just a better syntax. I shipped our implementation as part of shipping CSP2 (https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/wToP6b04zVE/imuPatGy3awJ). I should have undone that in 2015 when we dropped the directive from the CR draft. I'd like to undo it now
 
Project Member

Comment 1 by bugdroid1@chromium.org, Oct 24 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/1a6748ba9cfb1bb961e5f62580c30958bca5d55f

commit 1a6748ba9cfb1bb961e5f62580c30958bca5d55f
Author: mkwst <mkwst@chromium.org>
Date: Mon Oct 24 11:05:58 2016

Remove the 'reflected-xss' directive from CSP.

This was removed from CSP2, never added to CSP3, and will not ship in
any other browser. We should remove it, as it is completely redundant
with `X-XSS-Protection`, which is never going away.

Intent to Remove: https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/gjB93RpF6JY

R=jochen@chromium.org
BUG= 657737 

Review-Url: https://codereview.chromium.org/2428473004
Cr-Commit-Position: refs/heads/master@{#427040}

[modify] https://crrev.com/1a6748ba9cfb1bb961e5f62580c30958bca5d55f/third_party/WebKit/LayoutTests/fast/frames/xss-auditor-handles-file-urls-expected.txt
[delete] https://crrev.com/18d3734940ccbc96eff5246e2d6235145d44a59e/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-allow-expected.txt
[delete] https://crrev.com/18d3734940ccbc96eff5246e2d6235145d44a59e/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-allow.html
[delete] https://crrev.com/18d3734940ccbc96eff5246e2d6235145d44a59e/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-allow-allow-expected.txt
[delete] https://crrev.com/18d3734940ccbc96eff5246e2d6235145d44a59e/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-allow-allow.html
[delete] https://crrev.com/18d3734940ccbc96eff5246e2d6235145d44a59e/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-allow-block-expected.txt
[delete] https://crrev.com/18d3734940ccbc96eff5246e2d6235145d44a59e/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-allow-block.html
[delete] https://crrev.com/18d3734940ccbc96eff5246e2d6235145d44a59e/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-allow-filter-expected.txt
[delete] https://crrev.com/18d3734940ccbc96eff5246e2d6235145d44a59e/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-allow-filter.html
[delete] https://crrev.com/18d3734940ccbc96eff5246e2d6235145d44a59e/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-allow-invalid-expected.txt
[delete] https://crrev.com/18d3734940ccbc96eff5246e2d6235145d44a59e/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-allow-invalid.html
[delete] https://crrev.com/18d3734940ccbc96eff5246e2d6235145d44a59e/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-allow-unset-expected.txt
[delete] https://crrev.com/18d3734940ccbc96eff5246e2d6235145d44a59e/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-allow-unset.html
[delete] https://crrev.com/18d3734940ccbc96eff5246e2d6235145d44a59e/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-block-allow-expected.txt
[delete] https://crrev.com/18d3734940ccbc96eff5246e2d6235145d44a59e/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-block-allow.html
[delete] https://crrev.com/18d3734940ccbc96eff5246e2d6235145d44a59e/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-block-block-expected.txt
[delete] https://crrev.com/18d3734940ccbc96eff5246e2d6235145d44a59e/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-block-block.html
[delete] https://crrev.com/18d3734940ccbc96eff5246e2d6235145d44a59e/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-block-filter-expected.txt
[delete] https://crrev.com/18d3734940ccbc96eff5246e2d6235145d44a59e/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-block-filter.html
[delete] https://crrev.com/18d3734940ccbc96eff5246e2d6235145d44a59e/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-block-invalid-expected.txt
[delete] https://crrev.com/18d3734940ccbc96eff5246e2d6235145d44a59e/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-block-invalid.html
[delete] https://crrev.com/18d3734940ccbc96eff5246e2d6235145d44a59e/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-block-unset-expected.txt
[delete] https://crrev.com/18d3734940ccbc96eff5246e2d6235145d44a59e/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-block-unset.html
[delete] https://crrev.com/18d3734940ccbc96eff5246e2d6235145d44a59e/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-filter-allow-expected.txt
[delete] https://crrev.com/18d3734940ccbc96eff5246e2d6235145d44a59e/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-filter-allow.html
[delete] https://crrev.com/18d3734940ccbc96eff5246e2d6235145d44a59e/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-filter-block-expected.txt
[delete] https://crrev.com/18d3734940ccbc96eff5246e2d6235145d44a59e/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-filter-block.html
[delete] https://crrev.com/18d3734940ccbc96eff5246e2d6235145d44a59e/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-filter-filter-expected.txt
[delete] https://crrev.com/18d3734940ccbc96eff5246e2d6235145d44a59e/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-filter-filter.html
[delete] https://crrev.com/18d3734940ccbc96eff5246e2d6235145d44a59e/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-filter-invalid-expected.txt
[delete] https://crrev.com/18d3734940ccbc96eff5246e2d6235145d44a59e/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-filter-invalid.html
[delete] https://crrev.com/18d3734940ccbc96eff5246e2d6235145d44a59e/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-filter-unset-expected.txt
[delete] https://crrev.com/18d3734940ccbc96eff5246e2d6235145d44a59e/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-filter-unset.html
[delete] https://crrev.com/18d3734940ccbc96eff5246e2d6235145d44a59e/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-invalid-allow-expected.txt
[delete] https://crrev.com/18d3734940ccbc96eff5246e2d6235145d44a59e/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-invalid-allow.html
[delete] https://crrev.com/18d3734940ccbc96eff5246e2d6235145d44a59e/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-invalid-block-expected.txt
[delete] https://crrev.com/18d3734940ccbc96eff5246e2d6235145d44a59e/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-invalid-block.html
[delete] https://crrev.com/18d3734940ccbc96eff5246e2d6235145d44a59e/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-invalid-filter-expected.txt
[delete] https://crrev.com/18d3734940ccbc96eff5246e2d6235145d44a59e/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-invalid-filter.html
[delete] https://crrev.com/18d3734940ccbc96eff5246e2d6235145d44a59e/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-invalid-invalid-expected.txt
[delete] https://crrev.com/18d3734940ccbc96eff5246e2d6235145d44a59e/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-invalid-invalid.html
[delete] https://crrev.com/18d3734940ccbc96eff5246e2d6235145d44a59e/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-invalid-unset-expected.txt
[delete] https://crrev.com/18d3734940ccbc96eff5246e2d6235145d44a59e/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-invalid-unset.html
[delete] https://crrev.com/18d3734940ccbc96eff5246e2d6235145d44a59e/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-unset-allow-expected.txt
[delete] https://crrev.com/18d3734940ccbc96eff5246e2d6235145d44a59e/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-unset-allow.html
[delete] https://crrev.com/18d3734940ccbc96eff5246e2d6235145d44a59e/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-unset-block-expected.txt
[delete] https://crrev.com/18d3734940ccbc96eff5246e2d6235145d44a59e/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-unset-block.html
[delete] https://crrev.com/18d3734940ccbc96eff5246e2d6235145d44a59e/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-unset-filter-expected.txt
[delete] https://crrev.com/18d3734940ccbc96eff5246e2d6235145d44a59e/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-unset-filter.html
[delete] https://crrev.com/18d3734940ccbc96eff5246e2d6235145d44a59e/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-unset-invalid-expected.txt
[delete] https://crrev.com/18d3734940ccbc96eff5246e2d6235145d44a59e/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-unset-invalid.html
[delete] https://crrev.com/18d3734940ccbc96eff5246e2d6235145d44a59e/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-unset-unset-expected.txt
[delete] https://crrev.com/18d3734940ccbc96eff5246e2d6235145d44a59e/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-unset-unset.html
[delete] https://crrev.com/18d3734940ccbc96eff5246e2d6235145d44a59e/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-block-expected.txt
[delete] https://crrev.com/18d3734940ccbc96eff5246e2d6235145d44a59e/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-block.html
[delete] https://crrev.com/18d3734940ccbc96eff5246e2d6235145d44a59e/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-empty-expected.txt
[delete] https://crrev.com/18d3734940ccbc96eff5246e2d6235145d44a59e/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-empty.html
[delete] https://crrev.com/18d3734940ccbc96eff5246e2d6235145d44a59e/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-filter-expected.txt
[delete] https://crrev.com/18d3734940ccbc96eff5246e2d6235145d44a59e/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-filter.html
[delete] https://crrev.com/18d3734940ccbc96eff5246e2d6235145d44a59e/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-invalid-expected.txt
[delete] https://crrev.com/18d3734940ccbc96eff5246e2d6235145d44a59e/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-invalid.html
[delete] https://crrev.com/18d3734940ccbc96eff5246e2d6235145d44a59e/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-parsing-expected.txt
[delete] https://crrev.com/18d3734940ccbc96eff5246e2d6235145d44a59e/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-parsing.html
[modify] https://crrev.com/1a6748ba9cfb1bb961e5f62580c30958bca5d55f/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/anchor-url-dom-write-location-expected.txt
[modify] https://crrev.com/1a6748ba9cfb1bb961e5f62580c30958bca5d55f/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/anchor-url-dom-write-location-inline-event-expected.txt
[modify] https://crrev.com/1a6748ba9cfb1bb961e5f62580c30958bca5d55f/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/anchor-url-dom-write-location-inline-event-null-char-expected.txt
[modify] https://crrev.com/1a6748ba9cfb1bb961e5f62580c30958bca5d55f/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/anchor-url-dom-write-location-javascript-URL-expected.txt
[modify] https://crrev.com/1a6748ba9cfb1bb961e5f62580c30958bca5d55f/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/anchor-url-dom-write-location2-expected.txt
[modify] https://crrev.com/1a6748ba9cfb1bb961e5f62580c30958bca5d55f/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/base-href-control-char-expected.txt
[modify] https://crrev.com/1a6748ba9cfb1bb961e5f62580c30958bca5d55f/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/base-href-expected.txt
[modify] https://crrev.com/1a6748ba9cfb1bb961e5f62580c30958bca5d55f/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/base-href-null-char-expected.txt
[modify] https://crrev.com/1a6748ba9cfb1bb961e5f62580c30958bca5d55f/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/base-href-scheme-relative-expected.txt
[modify] https://crrev.com/1a6748ba9cfb1bb961e5f62580c30958bca5d55f/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/base-href-unterminated-expected.txt
[modify] https://crrev.com/1a6748ba9cfb1bb961e5f62580c30958bca5d55f/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/cookie-injection-expected.txt
[modify] https://crrev.com/1a6748ba9cfb1bb961e5f62580c30958bca5d55f/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/dom-write-URL-expected.txt
[modify] https://crrev.com/1a6748ba9cfb1bb961e5f62580c30958bca5d55f/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/dom-write-location-expected.txt
[modify] https://crrev.com/1a6748ba9cfb1bb961e5f62580c30958bca5d55f/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/dom-write-location-inline-event-expected.txt
[modify] https://crrev.com/1a6748ba9cfb1bb961e5f62580c30958bca5d55f/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/dom-write-location-javascript-URL-expected.txt
[modify] https://crrev.com/1a6748ba9cfb1bb961e5f62580c30958bca5d55f/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/embed-tag-code-attribute-2-expected.txt
[modify] https://crrev.com/1a6748ba9cfb1bb961e5f62580c30958bca5d55f/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/embed-tag-code-attribute-expected.txt
[modify] https://crrev.com/1a6748ba9cfb1bb961e5f62580c30958bca5d55f/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/embed-tag-control-char-expected.txt
[modify] https://crrev.com/1a6748ba9cfb1bb961e5f62580c30958bca5d55f/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/embed-tag-expected.txt
[modify] https://crrev.com/1a6748ba9cfb1bb961e5f62580c30958bca5d55f/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/embed-tag-in-path-unterminated-expected.txt
[modify] https://crrev.com/1a6748ba9cfb1bb961e5f62580c30958bca5d55f/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/embed-tag-javascript-url-expected.txt
[modify] https://crrev.com/1a6748ba9cfb1bb961e5f62580c30958bca5d55f/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/embed-tag-null-char-expected.txt
[modify] https://crrev.com/1a6748ba9cfb1bb961e5f62580c30958bca5d55f/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/form-action-expected.txt
[modify] https://crrev.com/1a6748ba9cfb1bb961e5f62580c30958bca5d55f/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/formaction-on-button-expected.txt
[modify] https://crrev.com/1a6748ba9cfb1bb961e5f62580c30958bca5d55f/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/formaction-on-input-expected.txt
[modify] https://crrev.com/1a6748ba9cfb1bb961e5f62580c30958bca5d55f/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/frameset-injection-expected.txt
[modify] https://crrev.com/1a6748ba9cfb1bb961e5f62580c30958bca5d55f/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/full-block-iframe-no-inherit-expected.txt
[modify] https://crrev.com/1a6748ba9cfb1bb961e5f62580c30958bca5d55f/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/get-from-iframe-expected.txt
[modify] https://crrev.com/1a6748ba9cfb1bb961e5f62580c30958bca5d55f/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/html5-import-CORS-expected.txt
[modify] https://crrev.com/1a6748ba9cfb1bb961e5f62580c30958bca5d55f/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/html5-import-expected.txt
[modify] https://crrev.com/1a6748ba9cfb1bb961e5f62580c30958bca5d55f/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/html5-import-list-expected.txt
[modify] https://crrev.com/1a6748ba9cfb1bb961e5f62580c30958bca5d55f/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/html5-import-sol-expected.txt
[modify] https://crrev.com/1a6748ba9cfb1bb961e5f62580c30958bca5d55f/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/iframe-injection-expected.txt
[modify] https://crrev.com/1a6748ba9cfb1bb961e5f62580c30958bca5d55f/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/iframe-javascript-url-expected.txt
[modify] https://crrev.com/1a6748ba9cfb1bb961e5f62580c30958bca5d55f/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/iframe-javascript-url-more-encoding-expected.txt
[modify] https://crrev.com/1a6748ba9cfb1bb961e5f62580c30958bca5d55f/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/iframe-javascript-url-twice-url-encode-expected.txt
[modify] https://crrev.com/1a6748ba9cfb1bb961e5f62580c30958bca5d55f/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/iframe-javascript-url-twice-url-encode2-expected.txt
[modify] https://crrev.com/1a6748ba9cfb1bb961e5f62580c30958bca5d55f/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/iframe-javascript-url-twice-url-encode3-expected.txt
[modify] https://crrev.com/1a6748ba9cfb1bb961e5f62580c30958bca5d55f/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/iframe-javascript-url-url-encoded-expected.txt
[modify] https://crrev.com/1a6748ba9cfb1bb961e5f62580c30958bca5d55f/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/iframe-onload-GBK-char-expected.txt
[modify] https://crrev.com/1a6748ba9cfb1bb961e5f62580c30958bca5d55f/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/iframe-onload-in-svg-tag-expected.txt
[modify] https://crrev.com/1a6748ba9cfb1bb961e5f62580c30958bca5d55f/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/iframe-srcdoc-expected.txt
[modify] https://crrev.com/1a6748ba9cfb1bb961e5f62580c30958bca5d55f/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/iframe-srcdoc-property-blocked-expected.txt
[modify] https://crrev.com/1a6748ba9cfb1bb961e5f62580c30958bca5d55f/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/img-onerror-GBK-char-expected.txt
[modify] https://crrev.com/1a6748ba9cfb1bb961e5f62580c30958bca5d55f/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/img-onerror-accented-char-expected.txt
[modify] https://crrev.com/1a6748ba9cfb1bb961e5f62580c30958bca5d55f/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/img-onerror-non-ASCII-char-default-encoding-expected.txt
[modify] https://crrev.com/1a6748ba9cfb1bb961e5f62580c30958bca5d55f/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/img-onerror-non-ASCII-char-expected.txt
[modify] https://crrev.com/1a6748ba9cfb1bb961e5f62580c30958bca5d55f/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/img-onerror-non-ASCII-char2-default-encoding-expected.txt
[modify] https://crrev.com/1a6748ba9cfb1bb961e5f62580c30958bca5d55f/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/img-onerror-non-ASCII-char2-expected.txt
[modify] https://crrev.com/1a6748ba9cfb1bb961e5f62580c30958bca5d55f/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/img-tag-with-comma-expected.txt
[modify] https://crrev.com/1a6748ba9cfb1bb961e5f62580c30958bca5d55f/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/inline-event-HTML-entities-expected.txt
[modify] https://crrev.com/1a6748ba9cfb1bb961e5f62580c30958bca5d55f/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/javascript-link-HTML-entities-control-char-expected.txt
[modify] https://crrev.com/1a6748ba9cfb1bb961e5f62580c30958bca5d55f/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/javascript-link-HTML-entities-expected.txt
[modify] https://crrev.com/1a6748ba9cfb1bb961e5f62580c30958bca5d55f/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/javascript-link-HTML-entities-named-expected.txt
[modify] https://crrev.com/1a6748ba9cfb1bb961e5f62580c30958bca5d55f/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/javascript-link-HTML-entities-null-char-expected.txt
[modify] https://crrev.com/1a6748ba9cfb1bb961e5f62580c30958bca5d55f/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/javascript-link-ampersand-expected.txt
[modify] https://crrev.com/1a6748ba9cfb1bb961e5f62580c30958bca5d55f/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/javascript-link-control-char-expected.txt
[modify] https://crrev.com/1a6748ba9cfb1bb961e5f62580c30958bca5d55f/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/javascript-link-control-char2-expected.txt
[modify] https://crrev.com/1a6748ba9cfb1bb961e5f62580c30958bca5d55f/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/javascript-link-expected.txt
[modify] https://crrev.com/1a6748ba9cfb1bb961e5f62580c30958bca5d55f/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/javascript-link-null-char-expected.txt
[modify] https://crrev.com/1a6748ba9cfb1bb961e5f62580c30958bca5d55f/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/javascript-link-one-plus-one-expected.txt
[modify] https://crrev.com/1a6748ba9cfb1bb961e5f62580c30958bca5d55f/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/javascript-link-url-encoded-expected.txt
[modify] https://crrev.com/1a6748ba9cfb1bb961e5f62580c30958bca5d55f/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/link-onclick-ampersand-expected.txt
[modify] https://crrev.com/1a6748ba9cfb1bb961e5f62580c30958bca5d55f/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/link-onclick-control-char-expected.txt
[modify] https://crrev.com/1a6748ba9cfb1bb961e5f62580c30958bca5d55f/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/link-onclick-entities-expected.txt
[modify] https://crrev.com/1a6748ba9cfb1bb961e5f62580c30958bca5d55f/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/link-onclick-expected.txt
[modify] https://crrev.com/1a6748ba9cfb1bb961e5f62580c30958bca5d55f/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/link-onclick-null-char-expected.txt
[modify] https://crrev.com/1a6748ba9cfb1bb961e5f62580c30958bca5d55f/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/link-opens-new-window-expected.txt
[modify] https://crrev.com/1a6748ba9cfb1bb961e5f62580c30958bca5d55f/third_pa

Comment 2 by rbyers@chromium.org, Nov 18 2016

Components: Blink>SecurityFeature

Comment 3 by mkwst@chromium.org, Feb 23 2017

Status: Fixed (was: Assigned)

Sign in to add a comment