[webkit-reviews] review requested: [Bug 79154] [chromium] XSS Auditor bypass via javascript url and control characters : [Attachment 128349] Patch.
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Feb 22 17:42:34 PST 2012
Thomas Sepez <tsepez at chromium.org> has asked for review:
Bug 79154: [chromium] XSS Auditor bypass via javascript url and control
characters
https://bugs.webkit.org/show_bug.cgi?id=79154
Attachment 128349: Patch.
https://bugs.webkit.org/attachment.cgi?id=128349&action=review
------- Additional Comments from Thomas Sepez <tsepez at chromium.org>
Patch using Adam's suggested function. Also, the test now uses an <a href="">
rather than an <iframe src=""> since iframe src currently isn't exploitable.
It flunks an origin test on chromium -- which is why this needs to be href in
an a tag. Still waiting full testing completion.
More information about the webkit-reviews
mailing list