[webkit-reviews] review requested: [Bug 68092] xssauditor - truncate inline snippets at a reasonable length before comparison : [Attachment 107570] Proposed patch plus new test case

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Sep 15 17:33:20 PDT 2011


Thomas Sepez <tsepez at chromium.org> has asked for review:
Bug 68092: xssauditor - truncate inline snippets at a reasonable length before
comparison
https://bugs.webkit.org/show_bug.cgi?id=68092

Attachment 107570: Proposed patch plus new test case
https://bugs.webkit.org/attachment.cgi?id=107570&action=review

------- Additional Comments from Thomas Sepez <tsepez at chromium.org>
Proposed patch plus test case. I manually tuned the length and confirmed the
test case fails if we move the truncation prior to the decoding.  The test case
is kind of devious in that I wanted the alert to fire if the xss auditor didn't
catch the issue, but without the ability to introduce strings or regexps via
punctuation, I settled for a numeric expression, exploiting the dual nature of
the %-sign -- an escape for URL characters versus a modulo operation in JS.

Full tests still running on my box, hence no commit-queue "?" just yet.  But
please review. Thanks heaps.

