[Webkit-unassigned] [Bug 27312] [XSSAuditor] Add support for header X-XSS-Protection

bugzilla-daemon at webkit.org
Wed Jul 15 20:02:49 PDT 2009


https://bugs.webkit.org/show_bug.cgi?id=27312





--- Comment #1 from Daniel Bates <dbates at berkeley.edu>  2009-07-15 20:02:48 PDT ---
Created an attachment (id=32827)
 --> (https://bugs.webkit.org/attachment.cgi?id=32827)
Work in progress patch with tests

This patch is a work in progress. It behaves as follows:

The X-XSS-Protection header is only obeyed if its value is 0 (i.e. disabled)
and "X-XSS-Protection" does appear in the HTTP parameters.

We may be walking a fine line in trying to implement this as we do not want
to open ourselves up to a CRLF attack, such as
http://www.linkstofiles.com/crlf.py?url=cooki1%3dvalue1;%0d%0aX-XSS-Protection:0%0d%0a%0d%0a%3Chtml%3E%3Cbody%3E%3Cscript%3Ealert(%27owned%27)%3C/script%3E%3C/body%3E%3C/html%3E
(Credit: http://packetstormsecurity.org/0812-exploits/ie80-xss.txt).

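One way to express the rule in the comment above, read together with its CRLF concern as "honor `X-XSS-Protection: 0` only when the header name is absent from the request's own parameters". This is an added example, not code from the attached patch or from WebKit; `shouldDisableAuditor` and its helpers are hypothetical names, and that reading of the rule is an assumption.

```cpp
#include <cctype>
#include <initializer_list>
#include <string>

// Hypothetical helpers for illustration; not WebKit's XSSAuditor code.
static int hexValue(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    c = static_cast<char>(std::tolower(static_cast<unsigned char>(c)));
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

// One pass of percent-decoding, lower-casing the result for comparison.
static std::string decodeLower(const std::string& in) {
    std::string out;
    for (size_t i = 0; i < in.size(); ++i) {
        char c = in[i];
        if (c == '%' && i + 2 < in.size()
            && hexValue(in[i + 1]) >= 0 && hexValue(in[i + 2]) >= 0) {
            c = static_cast<char>(hexValue(in[i + 1]) * 16 + hexValue(in[i + 2]));
            i += 2;
        }
        out += static_cast<char>(std::tolower(static_cast<unsigned char>(c)));
    }
    return out;
}

// True if the header name shows up in request data within three decode
// passes (covers parameters that a server decodes more than once).
static bool requestMentionsHeader(std::string data) {
    for (int pass = 0; pass < 3; ++pass) {
        data = decodeLower(data);
        if (data.find("x-xss-protection") != std::string::npos) return true;
    }
    return false;
}

// Assumed rule: disable the auditor only for a header value of exactly "0"
// that the request itself could not have supplied via header injection.
bool shouldDisableAuditor(const std::string& headerValue,
                          const std::string& url, const std::string& postBody) {
    size_t b = headerValue.find_first_not_of(" \t");
    size_t e = headerValue.find_last_not_of(" \t");
    if (b == std::string::npos || headerValue.substr(b, e - b + 1) != "0")
        return false;
    for (const std::string* part : {&url, &postBody})
        if (requestMentionsHeader(*part)) return false;
    return true;
}
```

A request whose parameters carry the header name, as in the CRLF URL quoted in the comment, leaves the auditor enabled even though the response says `0`.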