[chromium] XSS Auditor bypass via javascript url and control characters
authortsepez@chromium.org <tsepez@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 23 Feb 2012 19:46:48 +0000 (19:46 +0000)
committertsepez@chromium.org <tsepez@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 23 Feb 2012 19:46:48 +0000 (19:46 +0000)
commitf880ffc5e3e819ba1ff98e702b6fb946585edd56
tree5d4174e8018adfba055c80a7cea080c96de29216
parentb323f1a4b8bcf3d66cd322e64c2a3a46165d9919
[chromium] XSS Auditor bypass via javascript url and control characters
https://bugs.webkit.org/show_bug.cgi?id=79154

Reviewed by Adam Barth.

Source/WebCore:

Test: http/tests/security/xssAuditor/javascript-link-control-char2.html

* html/parser/XSSAuditor.cpp:
(WebCore):
(WebCore::XSSAuditor::eraseDangerousAttributesIfInjected):

LayoutTests:

* http/tests/security/xssAuditor/javascript-link-control-char2-expected.txt: Added.
* http/tests/security/xssAuditor/javascript-link-control-char2.html: Added.
* platform/chromium/http/tests/security/xssAuditor: Added.
* platform/chromium/http/tests/security/xssAuditor/javascript-link-control-char2-expected.txt: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@108653 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/http/tests/security/xssAuditor/javascript-link-control-char2-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/xssAuditor/javascript-link-control-char2.html [new file with mode: 0644]
LayoutTests/platform/chromium/http/tests/security/xssAuditor/javascript-link-control-char2-expected.txt [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/html/parser/XSSAuditor.cpp