[Webkit-unassigned] [Bug 189551] srcdoc parsing differs from Firefox
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Sep 12 18:21:51 PDT 2018
https://bugs.webkit.org/show_bug.cgi?id=189551
Simon Fraser (smfr) <simon.fraser at apple.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |simon.fraser at apple.com
--- Comment #2 from Simon Fraser (smfr) <simon.fraser at apple.com> ---
Ah yes, inspector says:
The XSS Auditor refused to execute a script in 'http://software.hixie.ch/utilities/js/live-dom-viewer/?%3C!DOCTYPE%20html%3E%0A%3Cstyle%3E%0Abody%20%7B%20background%3A%20aqua%20%7D%0A%3C%2Fstyle%3E%0A%3Ciframe%20srcdoc%3D%22%3Cdiv%20style%3Dbackground%3Ablue%3Bheight%3A30px%3E%3C%2Fdiv%3E%22%3E' because its source code was found within the request. The auditor was enabled because the server did not send an 'X-XSS-Protection' header.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20180913/207536a4/attachment.html>
More information about the webkit-unassigned
mailing list