[Webkit-unassigned] [Bug 27071] [XSSAuditor] HTTP parameters with null/control characters bypass XSSAuditor
bugzilla-daemon at webkit.org
Wed Jul 8 00:08:23 PDT 2009
https://bugs.webkit.org/show_bug.cgi?id=27071
--- Comment #2 from Daniel Bates <dbates at berkeley.edu> 2009-07-08 00:08:22 PDT ---
I patched this by telling XSSAuditor::findInRequest when to allow/disallow null
and non-null control characters.
I also changed the console message type in method XSSAuditor::canLoadObject
from OtherMessageSource to JSMessageSource, since DumpRenderTree doesn't seem
to dump OtherMessageSource errors as needed by various plugin-based test
cases.
(In reply to comment #1)
> Created an attachment (id=32431)
> --> (https://bugs.webkit.org/attachment.cgi?id=32431)
> Patch with tests