[XSS Auditor] Partial bypass when web server collapses path components
authordbates@webkit.org <dbates@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 14 Jan 2016 21:37:49 +0000 (21:37 +0000)
committerdbates@webkit.org <dbates@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 14 Jan 2016 21:37:49 +0000 (21:37 +0000)
commit77b6cad532aedd28d4b3bc285fe34811aff7cac8
tree81434b35e8df7b5994ec9e9a9cfbb1b9cdc0355e
parente026565a9d8fba23c7e75affc21826c5fc3732bb
[XSS Auditor] Partial bypass when web server collapses path components
https://bugs.webkit.org/show_bug.cgi?id=152872

Reviewed by Brent Fulgham.

Merged from Blink (patch by Tom Sepez <tsepez@chromium.org>):
<https://src.chromium.org/viewvc/blink?revision=167610&view=revision>

Source/WebCore:

Test: http/tests/security/xssAuditor/embed-tag-in-path-unterminated.html

* html/parser/XSSAuditor.cpp:
(WebCore::isNonCanonicalCharacter):
(WebCore::XSSAuditor::init):
(WebCore::XSSAuditor::decodedSnippetForName):
(WebCore::XSSAuditor::decodedSnippetForAttribute):
(WebCore::XSSAuditor::decodedSnippetForJavaScript):
(WebCore::fullyDecodeString): Deleted.

LayoutTests:

* http/tests/security/xssAuditor/embed-tag-in-path-unterminated-expected.txt: Added.
* http/tests/security/xssAuditor/embed-tag-in-path-unterminated.html: Added.
* http/tests/security/xssAuditor/intercept/.htaccess:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195073 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/http/tests/security/xssAuditor/embed-tag-in-path-unterminated-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/xssAuditor/embed-tag-in-path-unterminated.html [new file with mode: 0644]
LayoutTests/http/tests/security/xssAuditor/intercept/.htaccess
Source/WebCore/ChangeLog
Source/WebCore/html/parser/XSSAuditor.cpp