[Webkit-unassigned] [Bug 27312] [XSSAuditor] Add support for header X-XSS-Protection
bugzilla-daemon at webkit.org
Sat Jan 30 11:05:10 PST 2010
https://bugs.webkit.org/show_bug.cgi?id=27312
--- Comment #14 from Daniel Bates <dbates at webkit.org> 2010-01-30 11:05:09 PST ---
Will update the patch. By the way, do you have a reference for the quote?
(In reply to comment #13)
> To be clear, here are the exact semantics we want:
>
> [[
> We simply look at the first non-whitespace character of the value of the first
> X-XSS-Protection response header. If it's '0', we disable protection. If it's
> '1', we enable protection. We ignore the rest of the line, although if the
> value is longer than 16 characters, we ignore the whole thing.
> ]]
>
> So, for 12, we'd want that if the first two characters are "12" then we turn on
> the full page block regardless of what the rest of the header is (as long as
> it's less than or equal to 16 characters). Crazy, I know.
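The semantics quoted from comment #13, written out as an added C++ example (not the patch on this bug and not WebKit code). The names, treating space and tab as whitespace, measuring the 16-character limit on the raw value, and ignoring a value that starts with any other character are assumptions.

```cpp
#include <cstddef>
#include <iostream>
#include <string>
#include <vector>

// Outcome of reading the header. Ignored means "keep the browser default".
enum class XSSProtection { Ignored, Disabled, Enabled, BlockPage };

// Assumption: the limit applies to the raw value as received.
constexpr std::size_t kMaxValueLength = 16;

XSSProtection parseXSSProtectionValue(const std::string& value)
{
    if (value.size() > kMaxValueLength)
        return XSSProtection::Ignored; // over-long value: ignore the whole thing

    // Assumption: "whitespace" is space or horizontal tab.
    std::size_t i = value.find_first_not_of(" \t");
    if (i == std::string::npos)
        return XSSProtection::Ignored; // empty or all whitespace

    if (value[i] == '0')
        return XSSProtection::Disabled;
    if (value[i] == '1') {
        // "12" selects the full page block; the rest of the line is not examined.
        if (i + 1 < value.size() && value[i + 1] == '2')
            return XSSProtection::BlockPage;
        return XSSProtection::Enabled;
    }
    return XSSProtection::Ignored; // assumption: any other first character
}

// Only the first X-XSS-Protection header counts; later ones are never read.
XSSProtection parseXSSProtectionHeaders(const std::vector<std::string>& values)
{
    if (values.empty())
        return XSSProtection::Ignored;
    return parseXSSProtectionValue(values.front());
}

int main()
{
    // Constructed sample values, not taken from the bug.
    for (const char* v : { "1", " 0", "12; junk", "1xyz", "1                " })
        std::cout << '"' << v << "\" -> "
                  << static_cast<int>(parseXSSProtectionValue(v)) << '\n';
    return 0;
}
```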