Bug 161939

Summary: [XSS Auditor] HTML5 entities can bypass XSS Auditor
Product: WebKit Reporter: Daniel Bates <dbates>
Component: WebCore Misc.Assignee: Daniel Bates <dbates>
Status: RESOLVED FIXED    
Severity: Normal CC: aestes, bfulgham, webkit-bug-importer
Priority: P2 Keywords: BlinkMergeCandidate, InRadar
Version: WebKit Local Build   
Hardware: All   
OS: All   
Bug Depends on: 161937    
Bug Blocks:    
Attachments:
Description Flags
Patch and Layout Test none

Comment 1 Daniel Bates 2016-09-13 18:21:22 PDT
<rdar://problem/25819815>
Comment 2 Daniel Bates 2016-09-13 18:43:49 PDT
Created attachment 288758 [details]
Patch and Layout Test
Comment 3 David Kilzer (:ddkilzer) 2016-09-13 18:58:25 PDT
Comment on attachment 288758 [details]
Patch and Layout Test

r=me
Comment 4 Daniel Bates 2016-09-22 14:36:28 PDT
Comment on attachment 288758 [details]
Patch and Layout Test

Clearing flags on attachment: 288758

Committed r206277: <http://trac.webkit.org/changeset/206277>
Comment 5 Daniel Bates 2016-09-22 14:36:31 PDT
All reviewed patches have been landed.  Closing bug.