[Webkit-unassigned] [Bug 15530] New: XMLHttpRequest should not support certain methods
bugzilla-daemon at webkit.org
Tue Oct 16 04:07:01 PDT 2007
http://bugs.webkit.org/show_bug.cgi?id=15530
Summary: XMLHttpRequest should not support certain methods
Product: WebKit
Version: 522+ (nightly)
Platform: All
OS/Version: All
Status: NEW
Severity: Normal
Priority: P3
Component: XML
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: ap at webkit.org
These methods make various XSS attacks possible.
TRACE http://www.kb.cert.org/vuls/id/867593
TRACK http://www.kb.cert.org/vuls/id/288308
CONNECT http://www.kb.cert.org/vuls/id/150227
AFAIK the network layer blocks them on the Mac anyway, but I think we should
explicitly check for these in the XMLHttpRequest implementation itself.
--
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
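
The explicit check the report asks for, sketched as an added example (not WebKit's code and not part of the original message). The names `checkRequestMethod` and `screenMethods` are hypothetical. It goes slightly beyond the report by also rejecting strings that are not valid HTTP tokens and by upper-casing the common methods, so that case variants of TRACE, TRACK and CONNECT are caught by the same comparison:

```javascript
// Added example: method screening as an XMLHttpRequest open() could perform it,
// independent of whatever the network layer below it blocks.
// All names here are hypothetical, not WebKit identifiers.

// The three methods named in the bug report.
const FORBIDDEN_METHODS = new Set(["TRACE", "TRACK", "CONNECT"]);

// Common methods that are upper-cased so "get" and "GET" behave alike.
const NORMALIZED_METHODS = new Set(["DELETE", "GET", "HEAD", "OPTIONS", "POST", "PUT"]);

// HTTP "token": one or more tchar characters (no spaces, CR, LF or separators).
const HTTP_TOKEN = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;

function makeError(name, message) {
  const err = new Error(message);
  err.name = name;
  return err;
}

// Returns the method to send, or throws SyntaxError / SecurityError.
function checkRequestMethod(method) {
  if (typeof method !== "string" || !HTTP_TOKEN.test(method)) {
    throw makeError("SyntaxError", "method is not a valid HTTP token");
  }
  // Compare case-insensitively so "tRaCe" cannot slip past the list.
  const upper = method.toUpperCase();
  if (FORBIDDEN_METHODS.has(upper)) {
    throw makeError("SecurityError", `method ${upper} is not allowed`);
  }
  return NORMALIZED_METHODS.has(upper) ? upper : method;
}

// Runs the check over a list and reports the decision for each entry.
function screenMethods(methods) {
  return methods.map((input) => {
    try {
      return { input, allowed: true, method: checkRequestMethod(input) };
    } catch (e) {
      return { input, allowed: false, reason: e.name };
    }
  });
}

// Constructed sample input, including case variants and a malformed value.
const SAMPLE = ["GET", "post", "TRACE", "tRaCk", "Connect", "PROPFIND", "GET\r\nX: y", ""];
console.table(screenMethods(SAMPLE));
```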