Bug 29306 - [XSSAuditor] Scripts with accented characters can bypass the XSSAuditor
Summary: [XSSAuditor] Scripts with accented characters can bypass the XSSAuditor
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc.
Version: 528+ (Nightly build)
Hardware: All All
Importance: P2 Normal
Assignee: Nobody
URL: http://eaea.sirdarckcat.net/xss.php?h...
Keywords: XSSAuditor
Depends on:
Blocks: 29278
Reported: 2009-09-16 12:27 PDT by Daniel Bates
Modified: 2009-09-16 23:45 PDT

See Also:


Attachments
Patch with test case (3.51 KB, patch)
2009-09-16 12:29 PDT, Daniel Bates

Description Daniel Bates 2009-09-16 12:27:17 PDT
XSSAuditor::decodeURL used the wrong length for the input string. When the input string was decoded, the decoded result was truncated. Hence, XSSAuditor was comparing the source code of the script to the truncated input parameters.
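The length mistake described above, as an added illustration that is not taken from the attached patch or from WebKit's source. It assumes the wrong length was a character count applied to a UTF-8 byte buffer (the report does not say which lengths were involved); all function names and the sample parameter are hypothetical, and the containment check is a simplified stand-in for the auditor's comparison.

```cpp
#include <cstdlib>
#include <iostream>
#include <string>

// Constructed sample: a reflected parameter whose decoded form contains "é" (2 bytes in UTF-8).
const std::string kRawParam = "%3Cscript%3Evar+s%3D%22caf%C3%A9%22%3B%3C%2Fscript%3E";

// Percent-decode a query value into raw bytes ('+' becomes a space).
std::string percentDecode(const std::string& in) {
    std::string out;
    for (std::size_t i = 0; i < in.size(); ++i) {
        if (in[i] == '%' && i + 2 < in.size()) {
            out += static_cast<char>(std::strtol(in.substr(i + 1, 2).c_str(), nullptr, 16));
            i += 2;
        } else {
            out += (in[i] == '+') ? ' ' : in[i];
        }
    }
    return out;
}

// Characters (code points) in a UTF-8 string: every byte that is not a continuation byte.
std::size_t characterCount(const std::string& utf8) {
    std::size_t n = 0;
    for (unsigned char c : utf8) n += ((c & 0xC0) != 0x80);
    return n;
}

// Assumed shape of the bug: the byte buffer is decoded with a character count as its length.
std::string decodeParamFlawed(const std::string& raw) {
    const std::string bytes = percentDecode(raw);
    return bytes.substr(0, characterCount(bytes));  // one byte short per 2-byte character
}

// Corrected form: the whole byte buffer is used.
std::string decodeParamFixed(const std::string& raw) {
    return percentDecode(raw);
}

// Simplified auditor check: was the script source reflected from the decoded parameter?
bool isReflected(const std::string& scriptSource, const std::string& decodedParam) {
    return decodedParam.find(scriptSource) != std::string::npos;
}

int main() {
    const std::string script = percentDecode(kRawParam);  // what the page would contain
    std::cout << "flawed flags script: " << isReflected(script, decodeParamFlawed(kRawParam)) << "\n"
              << "fixed flags script:  " << isReflected(script, decodeParamFixed(kRawParam)) << "\n";
}
```

A regression test for this class of bug needs at least one multi-byte character in the reflected parameter, since ASCII-only input gives the same character and byte counts and hides the truncation.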
Comment 1 Daniel Bates 2009-09-16 12:29:23 PDT
Created attachment 39656
Patch with test case
Comment 2 Adam Barth 2009-09-16 22:44:04 PDT
Comment on attachment 39656
Patch with test case

I know Dan would want to land this himself, but I'd like this to get into the nightly build so we can close the loop with the sla.ckers.org folks.
Comment 3 Adam Barth 2009-09-16 23:42:43 PDT
Comment on attachment 39656
Patch with test case

Rejecting patch 39656 from commit-queue.

This patch will require manual commit. ['WebKitTools/Scripts/run-webkit-tests'] failed with exit code 1
Comment 4 Adam Barth 2009-09-16 23:45:30 PDT
Comment on attachment 39656
Patch with test case

Clearing flags on attachment: 39656

Committed r48458: <http://trac.webkit.org/changeset/48458>
Comment 5 Adam Barth 2009-09-16 23:45:38 PDT
All reviewed patches have been landed.  Closing bug.