Summary: | XSS Auditor doesn't block <script> injected before an existing <script> | ||||||
---|---|---|---|---|---|---|---|
Product: | WebKit | Reporter: | Daniel Bates <dbates> | ||||
Component: | WebCore Misc. | Assignee: | Nobody <webkit-unassigned> | ||||
Status: | RESOLVED FIXED | ||||||
Severity: | Normal | CC: | abarth, ap, ddkilzer, tsepez | ||||
Priority: | P2 | Keywords: | InRadar, XSSAuditor | ||||
Version: | 528+ (Nightly build) | ||||||
Hardware: | All | ||||||
OS: | All | ||||||
URL: | http://demofaast.elevenpaths.com:9002/xssbypass/scriptbypass.php?value=%3Cscript%3Ealert%28%22Bypass%20Message%22%29 | ||||||
Attachments: |
|
Description
Daniel Bates
2014-03-19 14:20:47 PDT
Created attachment 227218 [details] Layout tests DRT layout tests. We may also want to supplement these tests with Thomas Sepez's tests in <https://codereview.chromium.org/205243002/>. (In reply to comment #3) > Created an attachment (id=227218) [details] > Layout tests > > DRT layout tests. We may also want to supplement these tests with Thomas Sepez's tests in <https://codereview.chromium.org/205243002/>. I should add that the contents of the included -expected.txt files need to be updated. Fixed in Blink: <http://src.chromium.org/viewvc/blink?view=rev&rev=169697> Committed r166202: <http://trac.webkit.org/changeset/166202> |