[Webkit-unassigned] [Bug 66588] XSS filter bypass via non-standard URL encoding
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Sat Sep 3 22:32:54 PDT 2011
https://bugs.webkit.org/show_bug.cgi?id=66588
Daniel Bates <dbates at webkit.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #106094|0 |1
is obsolete| |
--- Comment #11 from Daniel Bates <dbates at webkit.org> 2011-09-03 22:32:54 PST ---
Created an attachment (id=106279)
--> (https://bugs.webkit.org/attachment.cgi?id=106279&action=review)
Patch and layout tests
Needs change log. We could also look to bolster the test case script-tag-with-fancy-unicode5.html with more high-valued Unicode code points.
Additionally, added an early return in XSSAuditor::init() when the document's URL is null or the empty string (i.e. url.isEmpty() evaluates to true). This can happen when opening a new browser window or calling window.open("") (i.e. not specifying a URL to window.open()).
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list