[Webkit-unassigned] [Bug 29523] [XSSAuditor] JavaScript URLs that are URL-encoded twice can by bypass the XSSAuditor
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Sat Sep 19 17:55:39 PDT 2009
https://bugs.webkit.org/show_bug.cgi?id=29523
Daniel Bates <dbates at webkit.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #39828| |review?
Flag| |
Attachment #39826|0 |1
is obsolete| |
--- Comment #7 from Daniel Bates <dbates at webkit.org> 2009-09-19 17:55:38 PDT ---
Created an attachment (id=39828)
--> (https://bugs.webkit.org/attachment.cgi?id=39828)
Patch with test cases
On Adam's remarks, removed checks m_frame->script()->isEnabled(),
m_frame->script()->isPaused() from patch
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list