83794 – Typos in LayoutTests/http/tests/security/xssAuditor/script-tag-inside-svg-tag*.html

Bug 83794 - Typos in LayoutTests/http/tests/security/xssAuditor/script-tag-inside-svg-tag*.html

Summary: Typos in LayoutTests/http/tests/security/xssAuditor/script-tag-inside-svg-tag...

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	WebCore Misc. (show other bugs)
Version:	528+ (Nightly build)
Hardware:	All All

Importance:	P2 Trivial
Assignee:	Thomas Sepez

URL:
Keywords:	XSSAuditor

Depends on:
Blocks:

Reported:	2012-04-12 11:04 PDT by Thomas Sepez
Modified:	2012-04-12 11:57 PDT (History)
CC List:	3 users (show)

See Also:

Attachments
Patch (3.66 KB, patch) 2012-04-12 11:17 PDT, Thomas Sepez	no flags	Details \| Formatted Diff \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Thomas Sepez 2012-04-12 11:04:04 PDT

Several changes needed to make the XSS in these test cases fire against actual vulnerable browser:
- %24 appears in a few places where %23 is required.  
- Appears webkit's httpd will terminate query parameters at unencoded semicolons ( ; )
- Misordered </svg></script> tags.

The tests are still valid, but it is more intuitive to see the XSS pop up.

Comment 1 Thomas Sepez 2012-04-12 11:17:20 PDT

Created attachment 136937 [details]
Patch

Only tests modified.

Comment 2 WebKit Review Bot 2012-04-12 11:57:41 PDT

Comment on attachment 136937 [details]
Patch

Clearing flags on attachment: 136937

Committed r114010: <http://trac.webkit.org/changeset/114010>

Comment 3 WebKit Review Bot 2012-04-12 11:57:47 PDT

All reviewed patches have been landed.  Closing bug.