[Webkit-unassigned] [Bug 26918] XSSAuditor should prevent injection of HTML Base tag
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Jul 7 13:10:03 PDT 2009
https://bugs.webkit.org/show_bug.cgi?id=26918
Adam Barth <abarth at webkit.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #32348|review? |review-
Flag| |
--- Comment #6 from Adam Barth <abarth at webkit.org> 2009-07-07 13:10:01 PDT ---
(From update of attachment 32348)
This looks pretty good. Only one detail to change.
> + m_hrefAttrValue = StringImpl::createStrippingNullCharacters(attr->value().characters(), attr->value().length());
It doesn't seem right to do the null stripping here. m_hrefAttrValue should
hold the value of the href attr, nulls and all.
> +bool XSSAuditor::canSetBaseElementURL(const String& url) const
We can either do the null stripping here or find a way to tell findInRequest
not to strip nulls.
Do we have this same null issue with <script src="..."> or canLoadObject? If
so, we should fix that in a separate bug.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list