[webkit-reviews] review denied: [Bug 30242] [XSSAuditor] IFrame JavaScript URLs that are URL-encoded twice can by bypass the XSSAuditor : [Attachment 41007] Patch with test cases
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Sun Oct 11 20:21:19 PDT 2009
Adam Barth <abarth at webkit.org> has denied Daniel Bates <dbates at webkit.org>'s
request for review:
Bug 30242: [XSSAuditor] IFrame JavaScript URLs that are URL-encoded twice can
by bypass the XSSAuditor
https://bugs.webkit.org/show_bug.cgi?id=30242
Attachment 41007: Patch with test cases
https://bugs.webkit.org/attachment.cgi?id=41007&action=review
------- Additional Comments from Adam Barth <abarth at webkit.org>
You need to initialize m_decodeURLEscapeSequencesTwice in the constructor.
At some point we need to clean up all the boolean flags being passed around.
This coding step is getting nasty. I wish there was a better way.
More information about the webkit-reviews
mailing list