XSSAuditor::decodeURL used the wrong length for the input string. When the input string was decoded, the decoded result was truncated. Hence, XSSAuditor was comparing the source code of the script to the truncated input parameters.
Created attachment 39656 [details] Patch with test case
Comment on attachment 39656 [details] Patch with test case I know Dan would want to land this himself, but I'ld like this to get into the nightly build we so can close the loop with the sla.ckers.org folks.
Comment on attachment 39656 [details] Patch with test case Rejecting patch 39656 from commit-queue. This patch will require manual commit. ['WebKitTools/Scripts/run-webkit-tests'] failed with exit code 1
Comment on attachment 39656 [details] Patch with test case Clearing flags on attachment: 39656 Committed r48458: <http://trac.webkit.org/changeset/48458>
All reviewed patches have been landed. Closing bug.