30418 – [XSSAuditor] http://www.apple.com/startpage fails to render properly

RESOLVED FIXED 30418

[XSSAuditor] http://www.apple.com/startpage fails to render properly

https://bugs.webkit.org/show_bug.cgi?id=30418

Summary [XSSAuditor] http://www.apple.com/startpage fails to render properly

Daniel Bates

Reported 2009-10-15 17:35:17 PDT

The Apple start page fails to render properly because the XSSAuditor blocks loading content with respect to the specified HTML Base element. Notice the first seven characters of the src property of the HTML Base element is "http://" which is clearly in the page URL.

Attachments
Add attachment proposed patch, testcase, etc.

Adam Barth

Comment 1 2009-10-15 17:45:48 PDT

Frown. Let's revert the 7 character change while we think about these cases.

Daniel Bates

Comment 2 2009-10-15 17:54:45 PDT

This issue also effects XSSAuditor::canLoadObject, and XSSAuditor::canEvaluateJavaScriptURL.

Adam Barth

Comment 3 2009-10-15 23:40:33 PDT

Dan rolled out the offending patch.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware All

OS All

Product WebKit

Component WebCore Misc.

Assignee

Nobody

Reported

2009-10-15 17:35 PDT

Modified

2009-10-15 23:40 PDT History

CC List

2 users Show

URL

http://www.apple.com/startpage

Keywords XSSAuditor

Depends on

Blocks