[Webkit-unassigned] [Bug 94547] New: XSSAuditor too tolerant of injected data: URLs from other "hostless" schemes.
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Aug 20 16:38:44 PDT 2012
https://bugs.webkit.org/show_bug.cgi?id=94547
Summary: XSSAuditor too tolerant of injected data: URLs from
other "hostless" schemes.
Product: WebKit
Version: 528+ (Nightly build)
Platform: Unspecified
OS/Version: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: WebKit Misc.
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: tsepez at chromium.org
Originally reported by sasha zivojinovic at crbug.com/142636
XSSAuditor's isSameOrignRequest() gets tripped up when the main page is loaded from say file:/// (which has no host portion) and the injected payload is from data: (which has no host portion).
No risk of cookie theft from data: URLs, but can do nuisance things like navigate the top page.
Unclear whether there are really any protocols that need this protection.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list