[Webkit-unassigned] [Bug 38613] REGRESSION: XSS Auditor blocks scripts in w3schools interactive shell
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed May 5 21:20:08 PDT 2010
https://bugs.webkit.org/show_bug.cgi?id=38613
Daniel Bates <dbates at webkit.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |WONTFIX
--- Comment #3 from Daniel Bates <dbates at webkit.org> 2010-05-05 21:20:06 PST ---
Unfortunately, w3schools.com has an XSS vulnerability that it uses as part of
its Tryit Editor. Since the passing of changeset 56295
<http://trac.webkit.org/changeset/56295>, web developers (such as
w3schools.com) can opt-out of the XSSAuditor by specifying the HTTP header
X-XSS-Protection: 0.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list