[webkit-reviews] review requested: [Bug 26199] Implement a reflective XSS filter : [Attachment 31126] Cleaned up patch (disabled by default)
bugzilla-daemon at webkit.org
Wed Jun 10 01:52:49 PDT 2009
Adam Barth <abarth at webkit.org> has asked for review:
Bug 26199: Implement a reflective XSS filter
https://bugs.webkit.org/show_bug.cgi?id=26199
Attachment 31126: Cleaned up patch (disabled by default)
https://bugs.webkit.org/attachment.cgi?id=31126&action=review
------- Additional Comments from Adam Barth <abarth at webkit.org>
Here's a version cleaned up to (hopefully!) match WebKit style. The XSSAuditor
is disabled by default.
Basically, I'd like to land this patch (and maybe some follow-ups) so we can
experiment with this feature behind a command line flag in Chromium and measure
things like false positives via the Dev channel.
Once we've gathered enough data, we can revisit the issue of whether to turn
this on by default.