[Webkit-unassigned] [Bug 29523] [XSSAuditor] JavaScript URLs that are URL-encoded twice can by bypass the XSSAuditor

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sat Sep 19 17:55:39 PDT 2009


Daniel Bates <dbates at webkit.org> changed:

           What    |Removed                     |Added
  Attachment #39828|                            |review?
               Flag|                            |
  Attachment #39826|0                           |1
        is obsolete|                            |

--- Comment #7 from Daniel Bates <dbates at webkit.org>  2009-09-19 17:55:38 PDT ---
Created an attachment (id=39828)
 --> (https://bugs.webkit.org/attachment.cgi?id=39828)
Patch with test cases

On Adam's remarks, removed checks m_frame->script()->isEnabled(), 
m_frame->script()->isPaused() from patch

Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list