[Webkit-unassigned] [Bug 83281] [EFL] Add setting API to enable/disable XSSAuditor

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Apr 10 22:13:43 PDT 2012


https://bugs.webkit.org/show_bug.cgi?id=83281
--- Comment #9 from Raphael Kubo da Costa (rakuco) <rakuco at webkit.org>  2012-04-10 22:13:43 PST ---
(From update of attachment 136444)
View in context: https://bugs.webkit.org/attachment.cgi?id=136444&action=review

Looks almost there to me. My main gripe here is related to what additional information is emitted with the frame and view signals: right now I don't know the URL that caused the issue or whether the whole page was blocked, and in the case of the view signal I only know that "something XSS-related happened", as I don't even know which frame it is related to.

> Source/WebKit/efl/ewk/ewk_view.h:2386
> + * The XSSAuditor (cross-site scripting protection) feature provides protection 
> + * from reflected XSS attacks on vulnerable web sites. This feature is enabled 
> + * by default.
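Review bot: the two quoted doc-comment lines ending in "protection " and "enabled " carry trailing whitespace; strip it before landing. The comment also only says the feature "provides protection from reflected XSS attacks" and is on by default; it should spell out what the auditor does when it detects an injection (whether the offending request is blocked or the whole page load is stopped) and that disabling the setting removes that protection, so API users understand what they give up by turning it off.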

It'd be good to expand this by explaining how XSS attacks are prevented. There's no need for a detailed explanation, but from only looking at this paragraph I can't tell if requests are blocked, if the whole page is not loaded etc.
