[webkit-reviews] review granted: [Bug 70255] XSSAuditor bypass with remote script ending in ? character : [Attachment 111345] Much easier to understand patch.
bugzilla-daemon at webkit.org
Mon Oct 17 17:32:15 PDT 2011
Daniel Bates <dbates at webkit.org> has granted Thomas Sepez
<tsepez at chromium.org>'s request for review:
Bug 70255: XSSAuditor bypass with remote script ending in ? character
https://bugs.webkit.org/show_bug.cgi?id=70255
Attachment 111345: Much easier to understand patch.
https://bugs.webkit.org/attachment.cgi?id=111345&action=review
------- Additional Comments from Daniel Bates <dbates at webkit.org>
View in context: https://bugs.webkit.org/attachment.cgi?id=111345&action=review
Looks sane to me.
> Source/WebCore/ChangeLog:5
> + Fix xssauditor bypass where unterminated src="" attribute could pick
up
> + text from page causing failed XSS detection. Constrain match to
domain
> + portions of src attribute only.
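Review bot: the description at ChangeLog:5 says the match is constrained to the "domain portions of src attribute only" but never mentions the trigger named in the bug title, a remote script URL ending in a ? character. Suggest adding a sentence that ties the unterminated src="" case to that trailing-? URL, so a reader of the log can tell which input defeated detection and what part of the attribute is still compared.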
The format of the change log entry is to put the bug title above the bug URL
and put a description after the Reviewed by line. One such example of this
format can be seen in the change log for <http://trac.webkit.org/changeset/97675>.
Nit: xssauditor => XSSAuditor