Originally reported by masatokinugawa at http://code.google.com/p/chromium/issues/detail?id=114346

The attacker can bypass XSS Auditor.
Chrome Version: 17.0.963.46 stable affected. Safari 5.1.2 is OK.

The reflected vector is:
?xss=%3Cscript%3E//%E2%80%A9alert(1)%3C/script%3E
<script>//[U+2028 or 2029]alert(1)</script>
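The vector in the report relies on U+2028 and U+2029 being ECMAScript line terminators, so a `//` comment ends at either one. The following is an added example, not WebKit code and not the patch from this bug: `stripLineComments`, `hasExecutableCode`, `runsAfterComment` and the ASCII-only terminator set are hypothetical names, and the ASCII-only set stands in for any filter that recognises only `\n` and `\r`, since the page does not show what the auditor actually did.

```javascript
// Added example (not WebKit code). Line terminators per ECMA-262, "Line Terminators".
const JS_LINE_TERMINATORS = new Set(['\n', '\r', '\u2028', '\u2029']);

// Assumption: a filter that only knows ASCII newlines. The page does not show
// the auditor's code, so this set is a hypothetical stand-in.
const ASCII_NEWLINES = new Set(['\n', '\r']);

// Remove // comments, where a comment runs from "//" up to (not including)
// the next character in `terminators`. String literals and /* */ comments
// are deliberately out of scope; this isolates the line-terminator question.
function stripLineComments(source, terminators) {
  let out = '';
  let i = 0;
  while (i < source.length) {
    if (source[i] === '/' && source[i + 1] === '/') {
      while (i < source.length && !terminators.has(source[i])) i++;
    } else {
      out += source[i++];
    }
  }
  return out;
}

// True when something other than whitespace or line terminators remains
// once comments are removed (trim() also strips U+2028 and U+2029).
function hasExecutableCode(source, terminators) {
  return stripLineComments(source, terminators).trim().length > 0;
}

// Ask the engine itself whether a statement placed after `sep` inside a
// // comment is parsed as code. The body only returns a constant.
function runsAfterComment(sep) {
  return new Function('//' + sep + 'return true; ')() === true;
}

// The reflected parameter from the report, decoded as the page would echo it.
const reflected = decodeURIComponent('%3Cscript%3E//%E2%80%A9alert(1)%3C/script%3E');
const body = reflected.slice('<script>'.length, -'</script>'.length);

console.log('ASCII-only view sees code:  ', hasExecutableCode(body, ASCII_NEWLINES));
console.log('ECMAScript view sees code:  ', hasExecutableCode(body, JS_LINE_TERMINATORS));
console.log('engine runs code after LS/PS:', runsAfterComment('\u2028'), runsAfterComment('\u2029'));
```

Any component that reasons about script text (a filter, a sanitizer, a log scrubber) needs the same four-character terminator set as the parser it is protecting, or the two will disagree about where a comment ends.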
Created attachment 127245
Patch.
Comment on attachment 127245
Patch.

Rejecting attachment 127245 from commit-queue.

tsepez@chromium.org does not have committer permissions according to http://trac.webkit.org/browser/trunk/Tools/Scripts/webkitpy/common/config/committers.py.

- If you do not have committer rights please read http://webkit.org/coding/contributing.html for instructions on how to use bugzilla flags.
- If you have committer rights please correct the error in Tools/Scripts/webkitpy/common/config/committers.py by adding yourself to the file (no review needed). The commit-queue restarts itself every 2 hours. After restart the commit-queue will correctly respect your committer rights.
Comment on attachment 127245
Patch.

Clearing flags on attachment: 127245

Committed r107967: <http://trac.webkit.org/changeset/107967>
All reviewed patches have been landed. Closing bug.