XSSAuditor should strip formaction attributes from input and button elements.
[WebKit-https.git] / Source / WebCore / html / parser / XSSAuditor.cpp
2013-02-28 mkwst@chromium.org XSSAuditor should strip formaction attributes from...
2013-02-26 mkwst@chromium.org XSSAuditor: Don't rely on implicit casting when copying...
2013-02-24 mkwst@chromium.org CSP 1.1: Experiment with 'reflected-xss' directive.
2013-02-13 eric@webkit.org Fix HTMLToken::Attribute member naming and update calls...
2013-02-12 eric@webkit.org Remove HTMLTokenTypes header (and split out AtomicHTMLT...
2013-02-07 tonyg@chromium.org Call XSSAuditor.filterToken() from threaded HTML parser
2013-02-06 tonyg@chromium.org Call XSSAuditor's didBlockScript() for the threaded...
2013-02-05 tonyg@chromium.org Continue making XSSAuditor thread safe: Remove dependen...
2013-02-05 commit-queue@webki... Unreviewed, rolling out r141905.
2013-02-05 tonyg@chromium.org Call XSSAuditor's didBlockScript() for the threaded...
2013-02-05 tonyg@chromium.org Continue making XSSAuditor thread safe: Remove dependen...
2013-02-04 commit-queue@webki... XSS Auditor bypass via svg tags and xlink:href
2013-02-02 tonyg@chromium.org Continue making XSSAuditor thread safe: Remove unsafe...
2013-02-01 tonyg@chromium.org Continue making XSSAuditor thread safe: Remove dependen...
2013-02-01 tonyg@chromium.org Continue making XSSAuditor thread safe: Remove dependen...
2013-01-31 tonyg@chromium.org Begin to make XSSAuditor thread aware
2012-12-11 mkwst@chromium.org Web Inspector: ConsoleTypes should not expose MessageTy...
2012-11-28 tsepez@chromium.org XSSAuditor bypass with script src=data: URL ending...
2012-11-20 tsepez@chromium.org XSSAuditor::decodedSnippetForJavaScript stopping when...
2012-11-02 tsepez@chromium.org Support X-XSS-Protection: report=URL header syntax...
2012-11-02 tsepez@chromium.org XSS blocker false positive when page contains <iframe...
2012-10-31 tsepez@chromium.org Source/WebCore: Malformed X-XSS-Protection headers...
2012-10-25 tsepez@chromium.org XSSAuditor must replace form action with about:blank...
2012-08-29 abarth@webkit.org Deploy ASCIILiteral hotness throughout WebCore
2012-08-21 tsepez@chromium.org XSSAuditor too tolerant of injected data: URLs from...
2012-06-01 tsepez@chromium.org XSSAuditor bypass with leading /*///*/ comment
2012-04-26 benjamin@webkit.org Add a version of StringImpl::find() without offset
2012-04-05 abarth@webkit.org XSSAuditor doesn't catch injected srcdoc attributes
2012-04-04 tsepez@chromium.org XSSAuditor bypass through HTTP Parameter Pollution.
2012-03-23 tsepez@chromium.org XSS Auditor bypass via script tag src=data:, URLS.
2012-02-25 tsepez@chromium.org XSS Auditor targeting legitimate frames as false positives.
2012-02-23 tsepez@chromium.org [chromium] XSS Auditor bypass via javascript url and...
2012-02-22 tsepez@chromium.org XSSAuditor bypass with <svg> tags and html-entities.
2012-02-16 tsepez@chromium.org XSS Auditor bypass with U+2028/2029
2012-01-09 tsepez@chromium.org Treat code="" attribute in embed tags similarly to...
2011-12-03 tsepez@chromium.org XSSAuditor includes more terminating characters when...
2011-11-08 abarth@webkit.org addMessage's last few arguments should be optional
2011-11-02 commit-queue@webki... XSSAuditor is silent
2011-10-18 commit-queue@webki... XSSAuditor bypass with remote script ending in ? character
2011-10-01 isherman@chromium.org Fix assertion failure in XSS Auditor
2011-09-28 commit-queue@webki... Revert change which broke displaying end script tags...
2011-09-23 commit-queue@webki... Make XSSAuditor extract meaningful snippet from script...
2011-09-17 commit-queue@webki... Make XSSAuditor truncate inline snippets at a reasonabl...
2011-09-14 commit-queue@webki... Fix XSS auditor bypass when inline handlers contain...
2011-09-09 dbates@webkit.org XSS filter bypass via non-standard URL encoding
2011-08-31 commit-queue@webki... Fix XSS filter bypass by multiply decoding both the...
2011-07-20 jpfau@apple.com New Token class for XML
2011-05-31 dbates@webkit.org 2011-05-30 Daniel Bates <dbates@webkit.org>