[Webkit-unassigned] [Bug 27179] Facebook Chat is broken due to XSS auditor

bugzilla-daemon at webkit.org
Sat Jul 11 15:55:37 PDT 2009


https://bugs.webkit.org/show_bug.cgi?id=27179





--- Comment #3 from Adam Barth <abarth at webkit.org>  2009-07-11 15:55:36 PDT ---
The chat feature uses an iframe that echoes a URL parameter in the src property
of a script tag.  The web site is not exploitable because the server validates
the host name before echoing.  Unfortunately, there is no obvious connection
between the iframe's host name (blah.blah.facebook.com) and the script's host
name (foo.bar.fbcdn.net, Facebook's CDN).

I think the correct solution is to look for more of the token in the URL.  In
this case "<script" etc.

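Added example, not part of the original message and not WebKit's code: a simplified model of the false positive described in comment #3, comparing a filter that matches only the echoed src value against one that requires the "<script" tag opening to appear in the request URL as well. The function names, host names, and URLs are constructed for illustration.

```javascript
// Simplified model of a reflection-matching XSS filter (an assumption for
// illustration, not the XSS auditor's real logic).

// Decode the request URL once before comparing it with page markup.
function decodedUrl(url) {
  try {
    return decodeURIComponent(url.replace(/\+/g, ' ')).toLowerCase();
  } catch (e) {
    return url.toLowerCase(); // malformed escapes: compare the raw URL
  }
}

// Heuristic A: flag a script whose src value appears anywhere in the URL.
function attributeOnlyMatch(requestUrl, scriptTag) {
  const m = /src\s*=\s*["']?([^"'\s>]+)/i.exec(scriptTag);
  return m !== null && decodedUrl(requestUrl).includes(m[1].toLowerCase());
}

// Heuristic B: flag only when the whole tag opening ("<script ... >")
// appears in the URL, i.e. more of the token than the attribute value.
function tagTokenMatch(requestUrl, scriptTag) {
  const tag = scriptTag.toLowerCase();
  const end = tag.indexOf('>');
  const opening = end === -1 ? tag : tag.slice(0, end + 1);
  return opening.startsWith('<script') && decodedUrl(requestUrl).includes(opening);
}

// Constructed samples: [label, request URL, script tag found in the response].
const SAMPLES = [
  ['server-validated src echo (the pattern in this bug)',
   'https://chat.site.example/frame?js=https%3A%2F%2Fstatic.cdn.example%2Fchat.js',
   '<script src="https://static.cdn.example/chat.js"></script>'],
  ['whole tag reflected from the URL',
   'https://site.example/search?q=%3Cscript%20src%3D%22https%3A%2F%2Fother.example%2Fx.js%22%3E%3C%2Fscript%3E',
   '<script src="https://other.example/x.js"></script>'],
  ['script unrelated to the URL',
   'https://site.example/home?tab=news',
   '<script src="https://static.cdn.example/app.js"></script>'],
];

function evaluate() {
  return SAMPLES.map(([label, url, tag]) => ({
    label,
    attributeOnly: attributeOnlyMatch(url, tag),
    tagToken: tagTokenMatch(url, tag),
  }));
}

console.log(evaluate());
```

Heuristic A flags the first sample even though the server chose what to echo; heuristic B flags only the sample where the tag itself came from the URL.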


