WebKit Bugzilla
Bug 29837: Write more XSSAuditor tests
Status: RESOLVED FIXED
https://bugs.webkit.org/show_bug.cgi?id=29837
Reported by Daniel Bates, 2009-09-28 22:14:39 PDT

Additional test cases adapted from http://webblaze.org/dbates/. In particular,

Embed Tag JavaScript URL:
http://good.webblaze.org/dbates/xsstest.php?q=%3Cembed%20src=%22javascript:alert%28document.domain%29%22%3E%3C/embed%3E

Object Tag JavaScript URL:
http://good.webblaze.org/dbates/xsstest.php?q=%3Cobject%20data=%22javascript:alert%28document.domain%29%22%3E%3C/object%3E

HTTP-Equiv Refresh JavaScript URL:
http://good.webblaze.org/dbates/xsstest-head.php?q=%3Cmeta+http-equiv%3D%22refresh%22+content%3D%220%3B+url%3Djavascript%3Aalert%28document.domain%29%22%3E

Break out of inside property without quotes:
http://good.webblaze.org/dbates/xsstest-property-noquotes.php?q=1%20onload=alert(/XSS/)

Break out of inside property without quotes using ASCII Tab and / characters:
http://good.webblaze.org/dbates/xsstest-property-noquotes.php?q=dummy%09/onload=alert%28/XSS/%29&dummy=dummy

Injection of property:
http://good.webblaze.org/dbates/xsstest-add-property.php?q=onload=alert%28/XSS/%29&dummy=dummy

+++ This bug was initially created as a clone of Bug #26776 +++

Attachments
More test cases (11.61 KB, patch), 2009-09-28 22:25 PDT, Daniel Bates, abarth: review+

Daniel Bates, Comment 1, 2009-09-28 22:25:35 PDT
Created attachment 40282: More test cases

Adam Barth, Comment 2, 2009-09-29 00:29:12 PDT
Comment on attachment 40282: More test cases

Tests == the awesome

Daniel Bates, Comment 3, 2009-09-29 16:20:46 PDT
Committed r48911: <http://trac.webkit.org/changeset/48911>