Bug 130475: XSS Auditor doesn't block <script> injected before an existing <script>
Status: RESOLVED FIXED
https://bugs.webkit.org/show_bug.cgi?id=130475
Daniel Bates, reported 2014-03-19 14:20:47 PDT

Without loss of generality, consider a page with the following PHP markup:

    <!DOCTYPE html>
    <html>
    <body>
    <?php echo $_GET["q"] ?><script>function dummy() {}</script>
    </body>
    </html>

Take q := "<script>alert(/XSS/)". Then the page displays a JavaScript alert with message "/XSS/".
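The test case above is a reflected injection that the client-side auditor happened not to catch; the auditor is a backstop, and the durable fix belongs in the server-side template. The following PHP is an added example, not part of the bug report or of WebKit: it places the report's raw echo beside an output-encoded version of the same page. The parameter name q is taken from the report; the function names and the sample input are assumptions.

```php
<?php
// Added example (not from the bug report). Contrasts the report's raw echo
// with a server-side fix. Only the parameter name "q" comes from the report.

// Vulnerable pattern from the report: the query value is echoed unchanged
// into the HTML body, so any markup it carries becomes part of the document.
function render_unsafe(string $q): string
{
    return '<!DOCTYPE html><html><body>' . $q
         . '<script>function dummy() {}</script></body></html>';
}

// Hardened form: encode the value for the HTML text context it lands in.
// ENT_QUOTES | ENT_SUBSTITUTE escapes <, >, &, " and ' and replaces invalid
// UTF-8 sequences, so the value is rendered as text rather than parsed as
// markup, independent of any browser-side auditor.
function render_safe(string $q): string
{
    $encoded = htmlspecialchars($q, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<!DOCTYPE html><html><body>' . $encoded
         . '<script>function dummy() {}</script></body></html>';
}

// Regression check of the kind a project might keep in its test suite:
// the encoded page must never contain the raw tag that was supplied.
function encodes_tags(string $q): bool
{
    return strpos(render_safe($q), '<' . 'script>alert') === false
        && strpos(render_unsafe($q), '<' . 'script>alert') !== false;
}

// Constructed sample input matching the report's value of q.
$q = '<script>alert(/XSS/)';

echo render_unsafe($q), PHP_EOL;
echo render_safe($q), PHP_EOL;
echo encodes_tags($q) ? "encoded OK" : "NOT encoded", PHP_EOL;
```

The same rule applies to every interpolation point in the template, and the encoding must match the context (HTML text here; attribute, URL and JavaScript contexts each need their own encoder).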
Attachments
Layout tests (4.92 KB, patch), 2014-03-19 14:31 PDT, Daniel Bates, no flags
Daniel Bates, Comment 1, 2014-03-19 14:21:03 PDT
<https://code.google.com/p/chromium/issues/detail?id=354109>
Daniel Bates, Comment 2, 2014-03-19 14:21:22 PDT
<rdar://problem/16348414>
Daniel Bates, Comment 3, 2014-03-19 14:31:32 PDT
Created attachment 227218 [details]
Layout tests

DRT layout tests. We may also want to supplement these tests with Thomas Sepez's tests in <https://codereview.chromium.org/205243002/>.
Daniel Bates, Comment 4, 2014-03-19 14:38:15 PDT
(In reply to comment #3)
> Created an attachment (id=227218) [details]
> Layout tests
>
> DRT layout tests. We may also want to supplement these tests with Thomas Sepez's tests in <https://codereview.chromium.org/205243002/>.

I should add that the contents of the included -expected.txt files need to be updated.
David Kilzer (:ddkilzer), Comment 5, 2014-03-22 19:11:14 PDT
Fixed in Blink: <http://src.chromium.org/viewvc/blink?view=rev&rev=169697>
Daniel Bates, Comment 6, 2014-03-24 16:12:27 PDT
Committed r166202: <http://trac.webkit.org/changeset/166202>