152872 – [XSS Auditor] Partial bypass when web server collapses path components

Bug 152872 - [XSS Auditor] Partial bypass when web server collapses path components

Summary: [XSS Auditor] Partial bypass when web server collapses path components

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	WebCore Misc. (show other bugs)
Version:	WebKit Local Build
Hardware:	All All

Importance:	P2 Normal
Assignee:	Daniel Bates

URL:
Keywords:	BlinkMergeCandidate, XSSAuditor

Depends on:
Blocks:

Reported:	2016-01-07 17:03 PST by Daniel Bates
Modified:	2016-01-19 22:51 PST (History)
CC List:	2 users (show)

See Also:	153250

Attachments
Patch (9.50 KB, patch) 2016-01-07 17:04 PST, Daniel Bates	bfulgham: review+ bfulgham: commit-queue-	Details \| Formatted Diff \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Daniel Bates 2016-01-07 17:03:07 PST

Blink Issue: <https://code.google.com/p/chromium/issues/detail?id=344146>

Comment 1 Daniel Bates 2016-01-07 17:04:27 PST

Created attachment 268510 [details]
Patch

Comment 2 Brent Fulgham 2016-01-13 13:00:50 PST

Comment on attachment 268510 [details]
Patch

r=me. Please land manually, as the patch does not seem to apply cleanly.

Comment 3 Daniel Bates 2016-01-14 13:38:05 PST

Committed r195073: <http://trac.webkit.org/changeset/195073>

Comment 4 Alexey Proskuryakov 2016-01-19 22:51:08 PST

The test landed here asserts very frequently: http://webkit-test-results.webkit.org/dashboards/flakiness_dashboard.html#showAllRuns=true&tests=http%2Ftests%2Fsecurity%2FxssAuditor%2Fembed-tag-in-path-unterminated.html