[Webkit-unassigned] [Bug 29523] [XSSAuditor] JavaScript URLs that are URL-encoded twice can by bypass the XSSAuditor
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Sat Sep 19 17:46:18 PDT 2009
https://bugs.webkit.org/show_bug.cgi?id=29523
--- Comment #6 from Adam Barth <abarth at webkit.org> 2009-09-19 17:46:17 PDT ---
> This is an optimization.
I think this optimization might be slightly premature. Those cases aren't very
common, and the added complexity probably isn't worth it.
Other than that, the patch looks good. Can you post a version without these
checks?
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list