[Webkit-unassigned] [Bug 26918] New: XSSAuditor should prevent injection of HTML Base tag
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Jul 1 22:47:24 PDT 2009
https://bugs.webkit.org/show_bug.cgi?id=26918
Summary: XSSAuditor should prevent injection of HTML Base tag
Product: WebKit
Version: 528+ (Nightly build)
Platform: All
OS/Version: All
Status: UNCONFIRMED
Severity: Normal
Priority: P2
Component: WebCore Misc.
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: dbates at berkeley.edu
CC: sam at webkit.org, abarth at webkit.org
We should prevent injections of <base href="...">, since this can be used to
load external scripts from a malicious site.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the webkit-unassigned
mailing list