[Webkit-unassigned] [Bug 26199] New: Implement a reflective XSS filter
bugzilla-daemon at webkit.org
Thu Jun 4 16:52:11 PDT 2009
https://bugs.webkit.org/show_bug.cgi?id=26199
Summary: Implement a reflective XSS filter
Product: WebKit
Version: 528+ (Nightly build)
Platform: All
OS/Version: All
Status: NEW
Severity: Normal
Priority: P2
Component: HTML DOM
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: abarth at webkit.org
CC: mjs at apple.com, sam at webkit.org, ifette at google.com,
scarybeasts at gmail.com

We should implement a filter for reflected XSS. The goal of the filter is to
prevent an attacker from exploiting some common kinds of reflected XSS
vulnerabilities in web sites.

A student I'm working with at Berkeley is working on one that improves on the
IE8 filter in a number of ways. I'll update this bug with more information as
it becomes available.

What's the best way to measure the performance impact of the filter? We can
obviously run SunSpider, but that's probably measuring the wrong thing. Do we
have something like page cycler that we can try the patch on?