WebKit GIT trees - WebKit-https.git/commit

2009-09-16  Daniel Bates  <dbates@webkit.org>

        Reviewed by Darin Adler.

        https://bugs.webkit.org/show_bug.cgi?id=29306

        Tests that scripts with accented characters do not bypass the XSSAuditor.

        * http/tests/security/xssAuditor/img-onerror-accented-char-expected.txt: Added.
        * http/tests/security/xssAuditor/img-onerror-accented-char.html: Added.
2009-09-16  Daniel Bates  <dbates@webkit.org>

        Reviewed by Darin Adler.

        https://bugs.webkit.org/show_bug.cgi?id=29306

        Fixes an issue where an attack that contains accented characters can
        bypass the XSSAuditor.

        XSSAuditor::decodeURL used the wrong length for the input string.
        When the input string was decoded, the decoded result was truncated.
        Hence, XSSAuditor was comparing the source code of the script to the
        truncated input parameters.

        Test: http/tests/security/xssAuditor/img-onerror-accented-char.html

        * page/XSSAuditor.cpp:
        (WebCore::XSSAuditor::decodeURL):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@48458 268f45cc-cd09-0410-ab3c-d52691b4dbfc

author	abarth@webkit.org <abarth@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
	Thu, 17 Sep 2009 06:45:17 +0000 (06:45 +0000)
committer	abarth@webkit.org <abarth@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
	Thu, 17 Sep 2009 06:45:17 +0000 (06:45 +0000)
commit	5c666ab24f169a8e98e554601bb22c510c761f3e
tree	c1ddad852a06decf3eef431c713e105183951cbe	tree \| snapshot
parent	b8701635e656a0a3e88a313ba7e1223e889c593e	commit \| diff

LayoutTests/ChangeLog		diff \| blob \| history
LayoutTests/http/tests/security/xssAuditor/img-onerror-accented-char-expected.txt	[new file with mode: 0644]	blob
LayoutTests/http/tests/security/xssAuditor/img-onerror-accented-char.html	[new file with mode: 0644]	blob
WebCore/ChangeLog		diff \| blob \| history
WebCore/page/XSSAuditor.cpp		diff \| blob \| history