[webkit-reviews] review granted: [Bug 84158] XSS Auditor bypass via svg tags and xlink:href : [Attachment 186181] Patch, fix qt build.

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sat Feb 2 00:06:01 PST 2013


Adam Barth <abarth at webkit.org> has granted Thomas Sepez <tsepez at chromium.org>'s
request for review:
Bug 84158: XSS Auditor bypass via svg tags and xlink:href
https://bugs.webkit.org/show_bug.cgi?id=84158

Attachment 186181: Patch, fix qt build.
https://bugs.webkit.org/attachment.cgi?id=186181&action=review

------- Additional Comments from Adam Barth <abarth at webkit.org>
View in context: https://bugs.webkit.org/attachment.cgi?id=186181&action=review


> Source/WebCore/html/parser/XSSAuditor.cpp:122
> +    String attrName(name.localName().string());
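
Review bot: `attrName` at XSSAuditor.cpp:122 is seeded from `name.localName()` alone, so the namespace is only reflected once the later `if` rewrites the string. Consider building the final name in one expression or a small helper, and add a comment saying this string is meant to reproduce the attribute name as it appears in the markup, so no later use can pick up the unqualified local name by mistake.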

I would just use the assignment form of the constructor.

> Source/WebCore/html/parser/XSSAuditor.cpp:125
> +    if (name.namespaceURI() == XLinkNames::xlinkNamespaceURI)
> +	   attrName = "xlink:" + attrName;
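
Review bot: the `"xlink:"` literal on the assignment line is hard-coded, while the condition above it tests `name.namespaceURI()`, not the prefix the page author actually wrote. If the rebuilt `attrName` is compared against source text, a comment should state why the fixed lowercase prefix is sufficient (what case and prefix forms can reach this branch), and the patch should carry a test that uses an attribute in the XLink namespace written with different case or a different prefix.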

Is it possible to use a different prefix than "xlink"? What about "xLinK:" ?

