[Webkit-unassigned] [Bug 127853] [XSSAuditor] Improve detection of inline event handlers
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Feb 11 12:30:47 PST 2014
https://bugs.webkit.org/show_bug.cgi?id=127853
Daniel Bates <dbates at webkit.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|Type-1 XSS filter bypass in |[XSSAuditor] Improve
|Chrome for the <source> tag |detection of inline event
| |handlers
Product|Security |WebKit
Version|Other |528+ (Nightly build)
Keywords| |XSSAuditor
Component|Security |WebCore Misc.
AssignedTo|webkit-security-unassigned@ |webkit-unassigned at lists.web
|lists.webkit.org |kit.org
Group|Security-Sensitive |
--- Comment #4 from Daniel Bates <dbates at webkit.org> 2014-02-11 12:28:03 PST ---
This isn't a security bug. We should look to fix the following XSS Auditor tests: property-inject.html, property-escape-noquotes.html, and property-escape-noquotes-tab-slash-chars.html.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list