[webkit-reviews] review granted: [Bug 92310] Href attribute with javascript protocol is stripped when content is pasted into a XML doucment : [Attachment 154719] Patch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Jul 26 12:39:41 PDT 2012
Adam Barth <abarth at webkit.org> has granted Ryosuke Niwa <rniwa at webkit.org>'s
request for review:
Bug 92310: Href attribute with javascript protocol is stripped when content is
pasted into a XML doucment
https://bugs.webkit.org/show_bug.cgi?id=92310
Attachment 154719: Patch
https://bugs.webkit.org/attachment.cgi?id=154719&action=review
------- Additional Comments from Adam Barth <abarth at webkit.org>
rniwa convinced me that using "" won't go infinite for <iframe src>, so this is
probably ok. A natural followup would be to share code with XSS auditor since
XSS auditor is a bit smarter about blocking attributes.
More information about the webkit-reviews
mailing list