161939 – [XSS Auditor] HTML5 entities can bypass XSS Auditor

Bug 161939 - [XSS Auditor] HTML5 entities can bypass XSS Auditor

Summary: [XSS Auditor] HTML5 entities can bypass XSS Auditor

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	WebCore Misc. (show other bugs)
Version:	WebKit Local Build
Hardware:	All All

Importance:	P2 Normal
Assignee:	Daniel Bates

URL:
Keywords:	BlinkMergeCandidate, InRadar

Depends on:	161937
Blocks:
	Show dependency tree / graph

Reported:	2016-09-13 18:20 PDT by Daniel Bates
Modified:	2016-09-22 14:36 PDT (History)
CC List:	3 users (show)

See Also:

Attachments
Patch and Layout Test (5.44 KB, patch) 2016-09-13 18:43 PDT, Daniel Bates	no flags	Details \| Formatted Diff \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Daniel Bates 2016-09-13 18:20:22 PDT

We should merge <https://chromium.googlesource.com/chromium/src/+/04e44060dccee711842d08652bf1c622a0f43179>.

Comment 1 Daniel Bates 2016-09-13 18:21:22 PDT

<rdar://problem/25819815>

Comment 2 Daniel Bates 2016-09-13 18:43:49 PDT

Created attachment 288758 [details]
Patch and Layout Test

Comment 3 David Kilzer (:ddkilzer) 2016-09-13 18:58:25 PDT

Comment on attachment 288758 [details]
Patch and Layout Test

r=me

Comment 4 Daniel Bates 2016-09-22 14:36:28 PDT

Comment on attachment 288758 [details]
Patch and Layout Test

Clearing flags on attachment: 288758

Committed r206277: <http://trac.webkit.org/changeset/206277>

Comment 5 Daniel Bates 2016-09-22 14:36:31 PDT

All reviewed patches have been landed.  Closing bug.