Summary: | XSSAuditor bypass with leading /*///*/ comment | |
---|---|---|---
Product: | WebKit | Reporter: | Thomas Sepez <tsepez>
Component: | WebCore Misc. | Assignee: | Thomas Sepez <tsepez>
Status: | RESOLVED FIXED | |
Severity: | Normal | CC: | abarth, dbates, webkit.review.bot
Priority: | P2 | Keywords: | InRadar, XSSAuditor
Version: | 528+ (Nightly build) | |
Hardware: | Unspecified | |
OS: | Unspecified | |

Description
Thomas Sepez
2012-05-31 12:12:07 PDT
Off by two. The block:

    else if (startsMultiLineCommentAt(string, startPosition)) {
        if ((foundPosition = string.find("*/", startPosition)) != notFound)
            startPosition = foundPosition + 2;

is matching /*/ as a complete comment, which it's not. Then when we look at the next characters, we see // which we interpret as a single line comment -- but the JS parser doesn't.

Created attachment 145144 [details]
patch/test

Adam, please review.

Attachment 145144 [details] did not pass style-queue:
Failed to run "['Tools/Scripts/check-webkit-style', '--diff-files', u'LayoutTests/ChangeLog', u'LayoutTests/http..." exit_code: 1
LayoutTests/ChangeLog:8: Line contains tab character. [whitespace/tab] [5]
LayoutTests/ChangeLog:9: Line contains tab character. [whitespace/tab] [5]
Source/WebCore/ChangeLog:8: Line contains tab character. [whitespace/tab] [5]
Total errors found: 3 in 5 files
If any of these errors are false positives, please file a bug against check-webkit-style.
Created attachment 145147 [details]
patch/test/fix indent
Comment on attachment 145147 [details]
patch/test/fix indent

Clearing flags on attachment: 145147

Committed r119184: <http://trac.webkit.org/changeset/119184>

All reviewed patches have been landed. Closing bug.
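
The mismatch described in the report, modelled as an added example (not WebCore code and not the attached patch). `codeStart` and `remainingCode` are hypothetical names for a simplified comment skipper: `closeOffset` 0 searches for `*/` from the `/*` itself, as in the quoted block, and 2 is an assumed reading of "off by two" that starts the search after the opener. The sample input is constructed from the prefix in the bug summary.

```cpp
#include <cctype>
#include <iostream>
#include <string>

// Simplified model of a leading-comment skipper (assumption, not WebCore code).
// closeOffset is where the search for "*/" begins, relative to the "/*":
//   0 reproduces the behaviour in the report, 2 starts after the opener.
size_t codeStart(const std::string& s, size_t closeOffset)
{
    size_t pos = 0;
    while (pos < s.size()) {
        if (std::isspace(static_cast<unsigned char>(s[pos]))) {
            ++pos;
        } else if (s.compare(pos, 2, "//") == 0) {
            size_t nl = s.find('\n', pos);
            if (nl == std::string::npos)
                return s.size(); // single-line comment runs to end of input
            pos = nl + 1;
        } else if (s.compare(pos, 2, "/*") == 0) {
            size_t close = s.find("*/", pos + closeOffset);
            if (close == std::string::npos)
                return s.size(); // unterminated comment (assumed handling)
            pos = close + 2;
        } else {
            break; // first character that is neither comment nor whitespace
        }
    }
    return pos;
}

// What the skipper believes is left to inspect once comments are dropped.
std::string remainingCode(const std::string& s, size_t closeOffset)
{
    return s.substr(codeStart(s, closeOffset));
}

int main()
{
    const std::string sample = "/*///*/f()"; // constructed input
    std::cout << "search from the opener: [" << remainingCode(sample, 0) << "]\n";
    std::cout << "search past the opener: [" << remainingCode(sample, 2) << "]\n";
    return 0;
}
```

With offset 0 the skipper consumes the whole input as comment, while offset 2 stops at `f()`, which is where a JavaScript parser ends the `/* ... */` comment.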