Summary: | [XSS Auditor] Partial bypass when web server collapses path components | ||||||
---|---|---|---|---|---|---|---|
Product: | WebKit | Reporter: | Daniel Bates <dbates> | ||||
Component: | WebCore Misc. | Assignee: | Daniel Bates <dbates> | ||||
Status: | RESOLVED FIXED | ||||||
Severity: | Normal | CC: | ap, ryanhaddad | ||||
Priority: | P2 | Keywords: | BlinkMergeCandidate, XSSAuditor | ||||
Version: | WebKit Local Build | ||||||
Hardware: | All | ||||||
OS: | All | ||||||
See Also: | https://bugs.webkit.org/show_bug.cgi?id=153250 | ||||||
Attachments: |
|
Description
Daniel Bates
2016-01-07 17:03:07 PST
Created attachment 268510 [details]
Patch
Comment on attachment 268510 [details]
Patch
r=me. Please land manually, as the patch does not seem to apply cleanly.
Committed r195073: <http://trac.webkit.org/changeset/195073> The test landed here asserts very frequently: http://webkit-test-results.webkit.org/dashboards/flakiness_dashboard.html#showAllRuns=true&tests=http%2Ftests%2Fsecurity%2FxssAuditor%2Fembed-tag-in-path-unterminated.html |