[Webkit-unassigned] [Bug 27312] [XSSAuditor] Add support for header X-XSS-Protection

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Jan 28 08:27:59 PST 2010


https://bugs.webkit.org/show_bug.cgi?id=27312





--- Comment #13 from Adam Barth <abarth at webkit.org>  2010-01-28 08:27:58 PST ---
To be clear, here are the exact semantics we want:

[[
We simply look at the first non-whitespace character of the value of the first
X-XSS-Protection response header.  If it's '0', we disable protection. If it's
'1', we enable protection. We ignore the rest of the line, although if the
value is longer than 16 characters, we ignore the whole thing.
]]

So, for 12, we'd want that if the first two characters are "12" then we turn on
the full page block regardless of what the rest of the header is (as long as
it's less than or equal to 16 characters).  Crazy, I know.

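The semantics quoted in the comment above, written out as a small parser. This is an added example, not WebKit's code; the names `XSSProtection`, `parseXSSProtection` and `evaluate` are hypothetical. It assumes that whitespace means space or tab, that the 16-character limit applies to the raw value, that "12" is matched after leading whitespace, and that any other value leaves the default unchanged.

```cpp
#include <cstddef>
#include <string>
#include <vector>

// Outcome of evaluating the header under the semantics quoted above.
enum class XSSProtection {
    Unspecified,  // header absent, too long, or unrecognised: caller keeps its default
    Disabled,     // first non-whitespace character is '0'
    Enabled,      // first non-whitespace character is '1'
    BlockPage     // value starts with "12": full page block
};

// Assumption: the 16-character limit applies to the raw value as received.
constexpr std::size_t kMaxValueLength = 16;

XSSProtection parseXSSProtection(const std::string& value)
{
    if (value.size() > kMaxValueLength)
        return XSSProtection::Unspecified;  // over-long values are ignored whole

    // Assumption: "whitespace" means space and horizontal tab.
    std::size_t i = value.find_first_not_of(" \t");
    if (i == std::string::npos)
        return XSSProtection::Unspecified;

    if (value[i] == '0')
        return XSSProtection::Disabled;
    if (value[i] == '1') {
        // "12" selects the full page block; whatever follows is ignored.
        if (i + 1 < value.size() && value[i + 1] == '2')
            return XSSProtection::BlockPage;
        return XSSProtection::Enabled;
    }
    return XSSProtection::Unspecified;  // assumption: other values change nothing
}

// Only the first X-XSS-Protection header is consulted; later ones are never read.
XSSProtection evaluate(const std::vector<std::string>& headerValues)
{
    if (headerValues.empty())
        return XSSProtection::Unspecified;
    return parseXSSProtection(headerValues.front());
}
```

Because only the first header counts and an over-long value is discarded whole, a 17-character first header leaves the default in force even when a valid second header follows.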


