[Webkit-unassigned] [Bug 66588] XSS filter bypass via non-standard URL encoding
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Sep 2 12:00:53 PDT 2011
https://bugs.webkit.org/show_bug.cgi?id=66588
--- Comment #5 from Thomas Sepez <tsepez at chromium.org> 2011-09-02 12:00:53 PST ---
(From update of attachment 106094)
View in context: https://bugs.webkit.org/attachment.cgi?id=106094&action=review
> Source/WebCore/html/parser/XSSAuditor.cpp:130
> workingString = decodeURLEscapeSequences(workingString);
Might want to circumvent the path through KURL.cpp to avoid schizophrenic issues about whether KURLGoogle.cpp is used on a given build. You could just call the templated function directly.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list