[Webkit-unassigned] [Bug 26784] New: Enable XSSAuditor by default

bugzilla-daemon at webkit.org
Sun Jun 28 12:35:02 PDT 2009


https://bugs.webkit.org/show_bug.cgi?id=26784

           Summary: Enable XSSAuditor by default
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKit Misc.
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: abarth at webkit.org
                CC: sam at webkit.org, dbates at berkeley.edu


We should try enabling the XSSAuditor by default in the nightly to get a sense
for the false positive rate.  Sam said we should do this once we have decent
test coverage, and we now have 29 tests.

Please CC me and Dan on any regressions / false positives we find.  If we get a
bunch of them, we can turn off the auditor again while we think about how to
reduce them.

We still have one known false negative (HTML entities), but we can work on
fixing that in parallel.  Also, we should support the "turn off XSS filtering"
header that IE8 supports, but I'll file a separate bug about that.

