[webkit-reviews] review requested: [Bug 67134] XSSAuditor bypass under big5 encoding (also sjis). : [Attachment 106895] patch using perl for testcase.

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Sep 9 11:56:36 PDT 2011


Thomas Sepez <tsepez at chromium.org> has asked  for review:
Bug 67134: XSSAuditor bypass under big5 encoding (also sjis).
https://bugs.webkit.org/show_bug.cgi?id=67134

Attachment 106895: patch using perl for testcase.
https://bugs.webkit.org/attachment.cgi?id=106895&action=review

------- Additional Comments from Thomas Sepez <tsepez at chromium.org>
Updated echo-intertag.pl to allow specification of charset in content-type
header.  We don't decode the strings because we want the exact byte sequence
returned as passed in escaped in the q parameter.  This appears to be the case
when CGI is invoked without the utf8 option, treating the parameter as if it
were a binary string.


More information about the webkit-reviews mailing list