[webkit-reviews] review denied: [Bug 24533] Add a test to ensure that obfuscated javascript: URLs don't allow XSS : [Attachment 28558] Add cases to javascriptURL-execution-context-frame-location-htmldom.html instead
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Mar 13 00:52:30 PDT 2009
Alexey Proskuryakov <ap at webkit.org> has denied Pam Greene <pam at chromium.org>'s
request for review:
Bug 24533: Add a test to ensure that obfuscated javascript: URLs don't allow
XSS
https://bugs.webkit.org/show_bug.cgi?id=24533
Attachment 28558: Add cases to
javascriptURL-execution-context-frame-location-htmldom.html instead
https://bugs.webkit.org/attachment.cgi?id=28558&action=review
------- Additional Comments from Alexey Proskuryakov <ap at webkit.org>
Looking at the existing test more closely, I think that it doesn't work either:
since frame navigation happens asynchronously, it is a no-op. The relevant bits
of code are navigateIfAllowed() in JSLocationCustom.cpp and
FrameLoader::scheduleLocationChange().
It's a pre-existing problem, but fixing it seems to be in scope for this bug.
There should be enough time for navigation to take place asynchronously after
each assignment, which is admittedly a bit tricky.
More information about the webkit-reviews
mailing list