WebKit Bugzilla
New
Browse
Search+
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
RESOLVED FIXED
152872
[XSS Auditor] Partial bypass when web server collapses path components
https://bugs.webkit.org/show_bug.cgi?id=152872
Summary
[XSS Auditor] Partial bypass when web server collapses path components
Daniel Bates
Reported
2016-01-07 17:03:07 PST
Blink Issue: <
https://code.google.com/p/chromium/issues/detail?id=344146
>
Attachments
Patch
(9.50 KB, patch)
2016-01-07 17:04 PST
,
Daniel Bates
bfulgham
: review+
bfulgham
: commit-queue-
Details
Formatted Diff
Diff
View All
Add attachment
proposed patch, testcase, etc.
Daniel Bates
Comment 1
2016-01-07 17:04:27 PST
Created
attachment 268510
[details]
Patch
Brent Fulgham
Comment 2
2016-01-13 13:00:50 PST
Comment on
attachment 268510
[details]
Patch r=me. Please land manually, as the patch does not seem to apply cleanly.
Daniel Bates
Comment 3
2016-01-14 13:38:05 PST
Committed
r195073
: <
http://trac.webkit.org/changeset/195073
>
Alexey Proskuryakov
Comment 4
2016-01-19 22:51:08 PST
The test landed here asserts very frequently:
http://webkit-test-results.webkit.org/dashboards/flakiness_dashboard.html#showAllRuns=true&tests=http%2Ftests%2Fsecurity%2FxssAuditor%2Fembed-tag-in-path-unterminated.html
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug