[Webkit-unassigned] [Bug 44445] New: Reflective XSS Protection and ASP unicode messing
bugzilla-daemon at webkit.org
Mon Aug 23 11:39:49 PDT 2010
https://bugs.webkit.org/show_bug.cgi?id=44445
Summary: Reflective XSS Protection and ASP unicode messing
Product: WebKit
Version: 528+ (Nightly build)
Platform: PC
OS/Version: Mac OS X 10.5
Status: UNCONFIRMED
Severity: Normal
Priority: P2
Component: WebCore Misc.
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: rasky at develer.com
The Reflective XSS Protection currently present in Chrome/WebKit fails to handle a weird Unicode "pruning" made by ASP servers (where they substitute homoglyphs). The issue is well detailed in this blog post:
http://hackademix.net/2010/08/17/lost-in-translation-asps-homoxssuality/