[webkit-reviews] review denied: [Bug 29523] [XSSAuditor] JavaScript URLs that are URL-encoded twice can by bypass the XSSAuditor : [Attachment 39824] Patch with test cases
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Sat Sep 19 15:41:45 PDT 2009
Adam Barth <abarth at webkit.org> has denied Daniel Bates <dbates at webkit.org>'s
request for review:
Bug 29523: [XSSAuditor] JavaScript URLs that are URL-encoded twice can by
bypass the XSSAuditor
https://bugs.webkit.org/show_bug.cgi?id=29523
Attachment 39824: Patch with test cases
https://bugs.webkit.org/attachment.cgi?id=39824&action=review
------- Additional Comments from Adam Barth <abarth at webkit.org>
+ m_frame->script()->isEnabled() && !m_frame->script()->isPaused()
Why did we add these conditions that weren't there before?
Can we remove any of the other instances of canEvaluateJavaScriptURL?
More information about the webkit-reviews
mailing list