[Webkit-unassigned] [Bug 27189] r45752+ nightly: @import css generates wrong path
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Sun Jul 12 11:46:45 PDT 2009
https://bugs.webkit.org/show_bug.cgi?id=27189
--- Comment #2 from Daniel Bates <dbates at berkeley.edu> 2009-07-12 11:46:45 PDT ---
This issue is triggered because of the HTML Base element:
<base href="http://forum.dvdtalk.com/" />
XSSAuditor thinks this is an attack because the URL of the Base element appears
in the URL of the page (say http://forum.dvdtalk.com/dvd-talk-3/). A check in
XSSAuditor::canSetBaseElementURL (line:
m_frame->document()->url().baseAsString() != baseElementURL.baseAsString()) is
insufficient. Working on patch.
(In reply to comment #0)
> The forum's on the site load a css from:
>
> @import url("clientscript/vbulletin_css/style-bbed93be-00019.css");
>
> r45752+ generates a file not found and the css doesn't render when it tries to
> load the path:
>
> http://forum.dvdtalk.com/forum-feedback-support-4/clientscript/vbulletin_css/style-bbed93be-00019.css
>
> r45702 and earlier does render correctly and looks for the path:
>
> http://forum.dvdtalk.com/clientscript/vbulletin_css/style-bbed93be-00019.css
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list