| Summary: | CSP and <base> Tag Injection | | |
|---|---|---|---|
| Product: | WebKit | Reporter: | Ashar Javed <justashar> |
| Component: | Page Loading | Assignee: | Mike West <mkwst> |
| Status: | RESOLVED FIXED | | |
| Severity: | Normal | CC: | abarth, justashar, mkwst |
| Priority: | P2 | | |
| Version: | 528+ (Nightly build) | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Bug Depends on: | | | |
| Bug Blocks: | 113307 | | |
Description
Ashar Javed
2012-10-15 06:13:21 PDT
That's a good idea. Would you be willing to email this information to the public-webappsec mailing list? That's the appropriate forum for proposing features for CSP 1.1.

Thanks!

Hi Adam,

Thanks for information. I will do that. Thanks!

Best,

(In reply to comment #1)
> That's a good idea. Would you be willing to email this information to the public-webappsec mailing list? That's the appropriate forum for proposing features for CSP 1.1.
>
> Thanks!
>

(In reply to comment #1)
> > That's a good idea. Would you be willing to email this information to the public-webappsec mailing list? That's the appropriate forum for proposing features for CSP 1.1.
> >
> > Thanks!

I've just put together a test at https://mkw.st/p/mixed/base.html and can't reproduce your result, Ashar. Could you put up a sample that exhibits the problem (or did I screw up my test?)?

Thanks!

Hi Mike,

I have just tested this again and it works in Chrome Stable version but in Canary it does not work. In Chrome Stable the URL http://www.mobilefuxx.de/csp/xsstest/test_unsafe.php becomes http://www.google.com/csp/xsstest/test_unsafe.php

Steps to Reproduce
-----------------
1) In Chrome Stable open: http://www.mobilefuxx.de/csp/xsstest/test_unsafe.php Set header 'self' and in the text area inject:

<BASE HREF="http://www.google.com/logos/">
<img src="classicplus.png">

Click "Submit Attack" button.

Behind the scene in Chrome Stable the base URL which is mobilefuxx has been changed to google. You can see this by clicking on the button (Submit Attack) again.

I hope it helps. Thanks!

(In reply to comment #3)
> > (In reply to comment #1)
> > > That's a good idea. Would you be willing to email this information to the public-webappsec mailing list? That's the appropriate forum for proposing features for CSP 1.1.
> > >
> > > Thanks!
> > I've just put together a test at https://mkw.st/p/mixed/base.html and can't reproduce your result, Ashar. Could you put up a sample that exhibits the problem (or did I screw up my test?)?
> > Thanks!

Great. Looks like this is fixed in trunk, then.
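
As an added example (not part of the bug thread and not WebKit's code): a simplified JavaScript model of how an injected `<base>` changes relative URL resolution, and how the `base-uri` directive, standardized later in CSP Level 2, lets a page refuse it. The `default-src 'self'` header value and the `/csp/xsstest/test_unsafe.php` relative form target are assumptions; the thread only says the header was set to 'self'.

```javascript
// Simplified model for illustration; function names are hypothetical.
// Parse a CSP header value into { directive: [source expressions] }.
function parsePolicy(header) {
  const policy = {};
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (name) policy[name.toLowerCase()] = sources;
  }
  return policy;
}

// base-uri does not fall back to default-src: when the directive is
// absent, any <base href> is honoured, which is the behaviour reported.
function baseAllowed(policy, documentUrl, baseHref) {
  const sources = policy['base-uri'];
  if (!sources) return true;
  const candidate = new URL(baseHref, documentUrl);
  return sources.some((src) => {
    if (src === "'none'") return false;
    if (src === "'self'") {
      return candidate.origin === new URL(documentUrl).origin;
    }
    // Simplification: other source expressions are matched by origin only.
    try {
      return new URL(src).origin === candidate.origin;
    } catch {
      return false;
    }
  });
}

// Resolve a relative URL the way the page would after the <base> element
// is processed: use the injected base only if the policy permits it.
function resolveWithBase(header, documentUrl, baseHref, relativeUrl) {
  const policy = parsePolicy(header);
  const base = baseAllowed(policy, documentUrl, baseHref)
    ? new URL(baseHref, documentUrl).href
    : documentUrl;
  return new URL(relativeUrl, base).href;
}

// Values from the thread; the header strings are assumed.
const DOC = 'http://www.mobilefuxx.de/csp/xsstest/test_unsafe.php';
const INJECTED_BASE = 'http://www.google.com/logos/';
const WEAK = "default-src 'self'";
const HARDENED = "default-src 'self'; base-uri 'self'";
```

With `WEAK`, the form target resolves to the google.com URL quoted in the thread; with `HARDENED`, the injected base is ignored and relative URLs stay on the document's origin.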