[Webkit-unassigned] [Bug 67091] XSS auditor bypass with http-equiv="refresh"

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Aug 29 10:40:47 PDT 2011


https://bugs.webkit.org/show_bug.cgi?id=67091


Thomas Sepez <tsepez at chromium.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |tsepez at chromium.org




--- Comment #1 from Thomas Sepez <tsepez at chromium.org>  2011-08-29 10:40:47 PST ---
<meta> refresh to "javascript:" seems dubious.  Can we measure how often this occurs in the wild?  Might be best to just block it using a mechanism other than XSSAuditor.
