[Webkit-unassigned] [Bug 27239] Do not do HTTP Refresh to javascript: or other dangerous URI schemes

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Oct 21 23:16:31 PDT 2009


--- Comment #16 from Chris Evans <scarybeasts at gmail.com>  2009-10-21 23:16:31 PDT ---

Success: you see HTML source.
Fail: a redirect to www.google.com

This tests both the HTTP header and the meta tag method.

n.b. on my Linux dev channel Chrome, the above URL does nothing (blank page) if
the page is not in the cache. If you see that, hitting refresh will get you a
success or fail condition as outlined above.

But let me first investigate that weird viewsource iframe attribute (my grep
was for view-source so I missed the hyphenless version...

Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list