Bug 29511

Summary:

[XSSAuditor] Script source code that contains non-ASCII characters may bypass the XSSAuditor

Product:

WebKit

Reporter:

Daniel Bates <dbates>

Component:

WebCore Misc.

Assignee:

Nobody <webkit-unassigned>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

abarth, mario.heiderich, sam

Priority:

Keywords:

XSSAuditor

Version:

528+ (Nightly build)

Hardware:

All

OS:

All

Bug Depends on:

Bug Blocks:

29278

Attachments:

Description	Flags
Patch with test cases	none
Patch with test cases	none

Daniel Bates

Reported 2009-09-18 17:10:04 PDT

Script source code that contains non-ASCII characters may bypass the XSSAuditor. For example: http://eaea.sirdarckcat.net/xss.php?html_xss=%3Cimg+src=%220%22+onerror=%22/%80/;alert(document.domain)%22%3E http://eaea.sirdarckcat.net/xss.php?html_xss=%3Cimg+src='%80'+onerror=%27alert(document.domain)%27

Attachments
Patch with test cases (6.98 KB, patch) 2009-09-18 17:12 PDT, Daniel Bates	no flags	Details Formatted Diff Diff
Patch with test cases (8.57 KB, patch) 2009-09-18 17:37 PDT, Daniel Bates	no flags	Details Formatted Diff Diff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.

Daniel Bates

Comment 1 2009-09-18 17:12:43 PDT

Created attachment 39804 [details] Patch with test cases

Daniel Bates

Comment 2 2009-09-18 17:37:44 PDT

Created attachment 39805 [details] Patch with test cases Added another test case: img-onerror-non-ASCII-char-default-encoding.html

Adam Barth

Comment 3 2009-09-18 22:50:47 PDT

Comment on attachment 39805 [details] Patch with test cases Thanks Dan. This looks great.

Daniel Bates

Comment 4 2009-09-19 13:29:54 PDT

Comment on attachment 39805 [details] Patch with test cases Clearing flags on attachment: 39805 Committed r48564: <http://trac.webkit.org/changeset/48564>

Daniel Bates

Comment 5 2009-09-19 13:30:01 PDT

All reviewed patches have been landed. Closing bug.

Note You need to log in before you can comment on or make changes to this bug.