[Webkit-unassigned] [Bug 26784] New: Enable XSSAuditor by default
bugzilla-daemon at webkit.org
Sun Jun 28 12:35:02 PDT 2009
https://bugs.webkit.org/show_bug.cgi?id=26784
Summary: Enable XSSAuditor by default
Product: WebKit
Version: 528+ (Nightly build)
Platform: All
OS/Version: All
Status: NEW
Severity: Normal
Priority: P2
Component: WebKit Misc.
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: abarth at webkit.org
CC: sam at webkit.org, dbates at berkeley.edu

We should try enabling the XSSAuditor by default in the nightly to get a sense
for the false positive rate. Sam said we should do this once we have decent
test coverage, and we now have 29 tests.

Please CC me and Dan on any regressions / false positives we find. If we get a
bunch of them, we can turn off the auditor again while we think about how to
reduce them.

We still have one known false negative (HTML entities), but we can work on
fixing that in parallel. Also, we should support the "turn off XSS filtering"
header that IE8 supports, but I'll file a separate bug about that.