Bug 161939

Summary:

[XSS Auditor] HTML5 entities can bypass XSS Auditor

Product:

WebKit

Reporter:

Daniel Bates <dbates>

Component:

WebCore Misc.

Assignee:

Daniel Bates <dbates>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

aestes, bfulgham, webkit-bug-importer

Priority:

Keywords:

BlinkMergeCandidate, InRadar

Version:

WebKit Local Build

Hardware:

All

OS:

All

Bug Depends on:

161937

Bug Blocks:

Attachments:

Description	Flags
Patch and Layout Test	none

Daniel Bates

Reported 2016-09-13 18:20:22 PDT

We should merge <https://chromium.googlesource.com/chromium/src/+/04e44060dccee711842d08652bf1c622a0f43179>.

Attachments
Patch and Layout Test (5.44 KB, patch) 2016-09-13 18:43 PDT, Daniel Bates	no flags	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Daniel Bates

Comment 1 2016-09-13 18:21:22 PDT

<rdar://problem/25819815>

Daniel Bates

Comment 2 2016-09-13 18:43:49 PDT

Created attachment 288758 [details] Patch and Layout Test

David Kilzer (:ddkilzer)

Comment 3 2016-09-13 18:58:25 PDT

Comment on attachment 288758 [details] Patch and Layout Test r=me

Daniel Bates

Comment 4 2016-09-22 14:36:28 PDT

Comment on attachment 288758 [details] Patch and Layout Test Clearing flags on attachment: 288758 Committed r206277: <http://trac.webkit.org/changeset/206277>

Daniel Bates

Comment 5 2016-09-22 14:36:31 PDT

All reviewed patches have been landed. Closing bug.

Note You need to log in before you can comment on or make changes to this bug.