[Webkit-unassigned] [Bug 67091] XSS auditor bypass with http-equiv="refresh"
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Aug 29 10:40:47 PDT 2011
https://bugs.webkit.org/show_bug.cgi?id=67091
Thomas Sepez <tsepez at chromium.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |tsepez at chromium.org
--- Comment #1 from Thomas Sepez <tsepez at chromium.org> 2011-08-29 10:40:47 PST ---
<meta> refresh to "javascript:" seems dubious. Can we measure how often this occurs in the wild? Might be best to just block it using a mechanism other than XSSAuditor.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list