[Webkit-unassigned] [Bug 30242] [XSSAuditor] IFrame JavaScript URLs that are URL-encoded twice can by bypass the XSSAuditor

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sun Oct 11 20:56:29 PDT 2009


Daniel Bates <dbates at webkit.org> changed:

           What    |Removed                     |Added
  Attachment #41015|                            |review?
               Flag|                            |
  Attachment #41007|0                           |1
        is obsolete|                            |

--- Comment #5 from Daniel Bates <dbates at webkit.org>  2009-10-11 20:56:29 PDT ---
Created an attachment (id=41015)
 --> (https://bugs.webkit.org/attachment.cgi?id=41015)
Patch with test cases

Here is an updated patch.

I agree the code is getting a bit messy with the booleans. Do you want me to
try to clean this up now? Otherwise, I would suggest we do a clean up patch
after we get this one and bug #27895 resolved.

Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list