Created attachment 104557 test case
http://code.google.com/p/chromium/issues/detail?id=77731
VULNERABILITY DETAILS
On pages that render a large amount of user input it is possible to bypass the XSS filter.
VERSION
Chrome Version: 11.0.696.25 beta
Operating System: Windows Vista SP2
REPRODUCTION CASE
The attachment contains two files: a PHP file and an HTML file. Host the PHP file and update the form action in the HTML file to point to it. Open a new Chrome tab and navigate to the HTML file.
xss-filter-bypass.zip (890 bytes)
Adam, DNR using Chrome 14 on Linux. Didn't have PHP, but using a static file whose output matches what we'd expect from your static input file. Console reports the XSS filter caught it. I'll add my static output as an attachment.
Created attachment 106176 Static version of post response
Yeah, I think I fixed this in an earlier patch. We probably should convert your static test to a LayoutTest and close this bug.
Created attachment 106195 Proposed TestCase
Created attachment 106196 Proposed test case with "" typo removed.
Comment on attachment 106196 Proposed test case with "" typo removed.
Clearing flags on attachment: 106196
Committed r94451: <http://trac.webkit.org/changeset/94451>
All reviewed patches have been landed. Closing bug.