[webkit-reviews] review granted: [Bug 26921] [XSSAuditor] HTML entities can bypass xssAuditor : [Attachment 32602] Working patch with tests
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Jul 10 23:42:07 PDT 2009
Adam Barth <abarth at webkit.org> has granted Daniel Bates <dbates at berkeley.edu>'s
request for review:
Bug 26921: [XSSAuditor] HTML entities can bypass xssAuditor
https://bugs.webkit.org/show_bug.cgi?id=26921
Attachment 32602: Working patch with tests
https://bugs.webkit.org/attachment.cgi?id=32602&action=review
------- Additional Comments from Adam Barth <abarth at webkit.org>
This is fine for now. Now that we've worked through all the known issues, it's
time to do a clean up patch for the auditor. There are some nits that I'd
change with this patch, but we can deal with them in the cleanup patch.
Thanks for the thorough test cases. That work is about to pay off.
More information about the webkit-reviews
mailing list