RESOLVED FIXED 28767
KURLGoogle's decodeURLEscapeSequences should unescape %00 for compat with KURL.cpp
https://bugs.webkit.org/show_bug.cgi?id=28767
Darin Fisher (:fishd, Google)
Reported 2009-08-27 00:34:13 PDT
KURLGoogle's decodeURLEscapeSequences should unescape %00 for compat with KURL.cpp

WebCore--the XSSAuditor in particular--expects that decodeURLEscapeSequences will unescape all escape sequences.

Note: https://bugs.webkit.org/show_bug.cgi?id=20559 highlights the risk involved with decoded %00, and those concerns are definitely valid. I took a look at all of the callsites, and I believe we should be OK. (Famous last words...)
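Added example, not code from the WebKit patch or from anyone in this thread: a minimal percent-decoder showing the two behaviours the report contrasts, and why callers of the fully decoded result must use length-counted strings. `decodeEscapes`, `hexValue`, `cStringLength` and the `unescapeNul` switch are hypothetical names; that the old behaviour left `%00` as literal text, and that NUL truncation is the kind of risk meant, are assumptions.

```cpp
#include <cctype>
#include <cstring>
#include <initializer_list>
#include <iostream>
#include <string>

// Hypothetical helper (not WebKit's API): value of one hex digit, or -1.
static int hexValue(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    c = static_cast<char>(std::tolower(static_cast<unsigned char>(c)));
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

// Hypothetical decoder. unescapeNul == false leaves "%00" as literal text
// (assumed pre-patch behaviour); true decodes every valid %XX, including %00.
std::string decodeEscapes(const std::string& in, bool unescapeNul) {
    std::string out;
    out.reserve(in.size());
    for (size_t i = 0; i < in.size(); ++i) {
        if (in[i] == '%' && i + 2 < in.size()) {
            int hi = hexValue(in[i + 1]), lo = hexValue(in[i + 2]);
            if (hi >= 0 && lo >= 0) {
                char decoded = static_cast<char>((hi << 4) | lo);
                if (decoded != '\0' || unescapeNul) {
                    out.push_back(decoded);
                    i += 2;  // consume the two hex digits
                    continue;
                }
            }
        }
        out.push_back(in[i]);  // malformed, truncated or skipped sequence stays literal
    }
    return out;
}

// Length that a NUL-terminated (C string) consumer of the result would see.
size_t cStringLength(const std::string& s) { return std::strlen(s.c_str()); }

int main() {
    const std::string sample = "a%3Cb%00c%zz%4";  // constructed input
    for (bool nul : {false, true}) {
        std::string d = decodeEscapes(sample, nul);
        std::cout << "unescapeNul=" << nul << " size=" << d.size()
                  << " strlen=" << cStringLength(d) << "\n";
    }
}
```

With full decoding, the string's size and its C-string length disagree, so any call site that passes the decoded value to a NUL-terminated API sees only the prefix before the NUL.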
Attachments
v1 patch - allow %00 unescaping (2.49 KB, patch)
2009-08-27 00:41 PDT, Darin Fisher (:fishd, Google)
no flags
Darin Fisher (:fishd, Google)
Comment 1 2009-08-27 00:41:50 PDT
Created attachment 38660 [details] v1 patch - allow %00 unescaping
Dimitri Glazkov (Google)
Comment 2 2009-08-27 07:43:44 PDT
Comment on attachment 38660 [details] v1 patch - allow %00 unescaping

r=me.
Eric Seidel (no email)
Comment 3 2009-08-27 07:54:13 PDT
Comment on attachment 38660 [details] v1 patch - allow %00 unescaping

Clearing flags on attachment: 38660

Committed r47819: <http://trac.webkit.org/changeset/47819>
Eric Seidel (no email)
Comment 4 2009-08-27 07:54:21 PDT
All reviewed patches have been landed. Closing bug.