[Webkit-unassigned] [Bug 26199] New: Implement a reflective XSS filter

Thu Jun 4 16:52:11 PDT 2009

https://bugs.webkit.org/show_bug.cgi?id=26199

           Summary: Implement a reflective XSS filter
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: HTML DOM
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: abarth at webkit.org
                CC: mjs at apple.com, sam at webkit.org, ifette at google.com,
                    scarybeasts at gmail.com

We should implement a filter for reflected XSS.  The goal of the filter is to
prevent an attacker from exploiting some common kinds of reflected XSS
vulnerabilities in web sites.

A student I'm working with at Berkeley is working on one that improves on the
IE8 filter in a number of ways.  I'll update this bug with more information as
it becomes available.

What's the best way to measure the performance impact of the filter?  We can
obviously run SunSpider, but that's probably measuring the wrong thing.  Do we
have something like page cycler that we can try the patch on?

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.