You need to
before you can comment on or make changes to this bug.
Created an attachment (id=104557) [details]
On pages that render a large amount of user input it is possible to bypass the XSS filter.
Chrome Version: 11.0.696.25 beta
Operating System: Windows Vista SP2
The attachment contains two files: a PHP file and an HTML file. Host the PHP file and update the form action in the HTML file to point to it. Open a new chrome tab and navigate to the HTML file.
890 bytes Download
Adam, DNR using chrome 14 on linux. Didn't have php, but using a static file who's output matches what we'd expect from your static input file. Console reports the xss filter caught it. I'll add my static output as an attachment.
Created an attachment (id=106176) [details]
Static version of post response
Yeah, I think I fixed in an earlier patch. We probably should convert your static test to a LayoutTest and close this bug.
Created an attachment (id=106195) [details]
Created an attachment (id=106196) [details]
Proposed test case with "" typo removed.
(From update of attachment 106196 [details])
Clearing flags on attachment: 106196
Committed r94451: <http://trac.webkit.org/changeset/94451>
All reviewed patches have been landed. Closing bug.