[Webkit-unassigned] [Bug 66588] XSS filter bypass via non-standard URL encoding
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Sat Sep 3 22:08:04 PDT 2011
https://bugs.webkit.org/show_bug.cgi?id=66588
--- Comment #9 from Daniel Bates <dbates at webkit.org> 2011-09-03 22:08:04 PST ---
(In reply to comment #4)
> (From update of attachment 106094 [details])
> View in context: https://bugs.webkit.org/attachment.cgi?id=106094&action=review
>
> > LayoutTests/http/tests/security/xssAuditor/script-tag-with-fancy-unicode2.html:13
> > +</iframe>
>
> Really need to stick some high-valued codepoints in here -- that may show the *p bug above. Also %252525u0061 should be tried as well to test interaction between the two decoders.
Will add test cases that include high-valued Unicode code points.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list