[Webkit-unassigned] [Bug 27895] New: [XSSAuditor] Inline Event Handler with single-line JavaScript quote can bypass XSSAuditor

bugzilla-daemon at webkit.org
Fri Jul 31 13:56:24 PDT 2009


https://bugs.webkit.org/show_bug.cgi?id=27895

           Summary: [XSSAuditor] Inline Event Handler with single-line
                    JavaScript quote can bypass XSSAuditor
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: All
               URL: http://good.webblaze.org/dbates/xsstest-img-comment.php?q=%3Cimg+src%3D%22about%3Ablank%22+onerror%3D%22alert%28/XSS/%29%3B//
        OS/Version: All
            Status: NEW
          Keywords: XSSAuditor
          Severity: Normal
          Priority: P2
         Component: WebCore Misc.
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: dbates at berkeley.edu
                CC: sam at webkit.org, abarth at webkit.org


An inline event handler that ends with a single-line JavaScript quote (i.e.
'//') can bypass the XSSAuditor.
