[Webkit-unassigned] [Bug 17689] New: Reject long UTF sequences
bugzilla-daemon at webkit.org
Wed Mar 5 15:57:23 PST 2008
http://bugs.webkit.org/show_bug.cgi?id=17689
Summary: Reject long UTF sequences
Product: WebKit
Version: 525+ (Nightly build)
Platform: PC
OS/Version: Windows XP
Status: UNCONFIRMED
Severity: Normal
Priority: P2
Component: WebKit Misc.
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: help.improve.webkit at gmail.com
CC: help.improve.webkit at gmail.com
Webkit issue:
UTF standards require parsers to reject sequences that were encoded using more
bytes than absolutely necessary (for example, standard 7-bit characters encoded
as 2 or 4-byte strings, e.g. j, either as a binary value or a HTML
entity).
Modify the renderer to reject such characters, as they have no legitimate use,
but are routinely abused to carry out cross-site scripting attacks (attempts to
close HTML tags and inject code, when obfuscated this way, routinely bypass
filters).
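Added example, not part of the original bug report and not WebKit code: a minimal strict UTF-8 decoder showing the check the report asks for, where a decoded value smaller than the minimum for its sequence length is rejected as overlong. The function names and the sample byte strings are constructed for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Decode one UTF-8 sequence from s (n bytes available). Returns the number of
// bytes consumed, or 0 if it is malformed, truncated, overlong, a surrogate,
// or above U+10FFFF. Hypothetical helper, not a WebKit API.
size_t decode_utf8_strict(const unsigned char* s, size_t n, uint32_t* cp) {
    if (n == 0) return 0;
    size_t len;
    uint32_t value, min;  // min = smallest code point that needs `len` bytes
    unsigned char b0 = s[0];
    if (b0 < 0x80) { *cp = b0; return 1; }
    else if ((b0 & 0xE0) == 0xC0) { len = 2; value = b0 & 0x1F; min = 0x80; }
    else if ((b0 & 0xF0) == 0xE0) { len = 3; value = b0 & 0x0F; min = 0x800; }
    else if ((b0 & 0xF8) == 0xF0) { len = 4; value = b0 & 0x07; min = 0x10000; }
    else return 0;  // stray continuation byte or obsolete 5/6-byte lead byte
    if (n < len) return 0;  // truncated sequence
    for (size_t i = 1; i < len; ++i) {
        if ((s[i] & 0xC0) != 0x80) return 0;  // not a continuation byte
        value = (value << 6) | (s[i] & 0x3F);
    }
    if (value < min) return 0;  // overlong: fits in a shorter sequence
    if (value >= 0xD800 && value <= 0xDFFF) return 0;  // UTF-16 surrogate
    if (value > 0x10FFFF) return 0;  // outside the Unicode range
    *cp = value;
    return len;
}

// True only if every sequence in the buffer passes the strict decoder.
bool is_strict_utf8(const unsigned char* s, size_t n) {
    for (size_t i = 0; i < n;) {
        uint32_t cp;
        size_t used = decode_utf8_strict(s + i, n - i, &cp);
        if (used == 0) return false;
        i += used;
    }
    return true;
}

// Constructed samples: the same characters in shortest and overlong forms.
static const unsigned char kPlainJ[] = {0x6A};                    // 'j'
static const unsigned char kOverlongJ2[] = {0xC1, 0xAA};          // 'j' in 2 bytes
static const unsigned char kOverlongJ4[] = {0xF0, 0x80, 0x81, 0xAA};  // 'j' in 4
static const unsigned char kOverlongLt[] = {0xC0, 0xBC};          // '<' in 2 bytes
static const unsigned char kEAcute[] = {0xC3, 0xA9};              // U+00E9, valid

int main() {
    std::printf("j:%d j2:%d j4:%d lt2:%d e-acute:%d\n",
                is_strict_utf8(kPlainJ, 1), is_strict_utf8(kOverlongJ2, 2),
                is_strict_utf8(kOverlongJ4, 4), is_strict_utf8(kOverlongLt, 2),
                is_strict_utf8(kEAcute, 2));
    return 0;
}
```

A filter that scans raw bytes for 0x3C never sees the overlong form, which is why rejection has to happen in the decoder rather than in the filter.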