[Webkit-unassigned] [Bug 67091] XSS auditor bypass with http-equiv="refresh"
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Aug 29 12:16:57 PDT 2011
https://bugs.webkit.org/show_bug.cgi?id=67091
Adam Barth <abarth at webkit.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |WONTFIX
--- Comment #3 from Adam Barth <abarth at webkit.org> 2011-08-29 12:16:57 PST ---
Actually, this is working as intended. The bypass is only occurring when the injection is in the context of the refresh itself, which isn't something we're trying to stop.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list