[Webkit-unassigned] [Bug 29944] [XSSAuditor] Reduce false positives by checking for illegal URI characters

bugzilla-daemon at webkit.org
Tue Feb 11 12:32:31 PST 2014


https://bugs.webkit.org/show_bug.cgi?id=29944





--- Comment #4 from Daniel Bates <dbates at webkit.org>  2014-02-11 12:29:46 PST ---
(In reply to comment #0)
> [...]
> With regard to an injection of an inline event handler, we believe that the majority of such injections occur as part of breaking out of a quoted property and thus a request that does not contain a single or double quote can be allowed. However, this decision causes the following test cases to fail: property-inject.html, property-escape-noquotes.html, and property-escape-noquotes-tab-slash-chars.html. We should address these in a separate update.

See bug #127853.
