2009-09-16 Daniel Bates <dbates@webkit.org>
author abarth@webkit.org <abarth@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 17 Sep 2009 06:45:17 +0000 (06:45 +0000)
committer abarth@webkit.org <abarth@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 17 Sep 2009 06:45:17 +0000 (06:45 +0000)
commit 5c666ab24f169a8e98e554601bb22c510c761f3e
tree c1ddad852a06decf3eef431c713e105183951cbe
parent b8701635e656a0a3e88a313ba7e1223e889c593e
2009-09-16  Daniel Bates  <dbates@webkit.org>

        Reviewed by Darin Adler.

        https://bugs.webkit.org/show_bug.cgi?id=29306

        Tests that scripts with accented characters do not bypass the XSSAuditor.

        * http/tests/security/xssAuditor/img-onerror-accented-char-expected.txt: Added.
        * http/tests/security/xssAuditor/img-onerror-accented-char.html: Added.
2009-09-16  Daniel Bates  <dbates@webkit.org>

        Reviewed by Darin Adler.

        https://bugs.webkit.org/show_bug.cgi?id=29306

        Fixes an issue where an attack that contains accented characters can
        bypass the XSSAuditor.

        XSSAuditor::decodeURL used the wrong length for the input string.
        When the input string was decoded, the decoded result was truncated.
        Hence, XSSAuditor was comparing the source code of the script to the
        truncated input parameters.

        Test: http/tests/security/xssAuditor/img-onerror-accented-char.html

        * page/XSSAuditor.cpp:
        (WebCore::XSSAuditor::decodeURL):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@48458 268f45cc-cd09-0410-ab3c-d52691b4dbfc
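The truncation the ChangeLog describes, as an added C++ illustration that is not WebKit's code: a hypothetical percent-decoder that takes an explicit byte length, a caller that models the defect by passing the character count of the input instead of its UTF-8 byte count (an assumption about the bug, chosen because the two lengths only differ once a non-ASCII character such as an accented letter is present), and the auditor-style check that asks whether the script about to run appears in the decoded parameter. The request parameter and script strings are constructed for the example; `decodeBytes`, `decodeURLBuggy`, `decodeURLFixed` and `scriptCameFromRequest` are all hypothetical names.

```cpp
#include <cstddef>
#include <cstdio>
#include <string>

// Value of one hex digit, or -1 if `c` is not a hex digit.
static int hexValue(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

// Hypothetical stand-in for an auditor's URL decoding step (not WebCore's decodeURL).
// Resolves %XX escapes in the first `byteLength` bytes of `input`; `input` is UTF-8 and
// may already carry raw non-ASCII characters (an accented 'e' occupies two bytes).
std::string decodeBytes(const std::string& input, size_t byteLength) {
    if (byteLength > input.size()) byteLength = input.size();
    std::string out;
    for (size_t i = 0; i < byteLength; ++i) {
        if (input[i] == '%' && i + 2 < byteLength) {
            int hi = hexValue(input[i + 1]);
            int lo = hexValue(input[i + 2]);
            if (hi >= 0 && lo >= 0) {
                out += static_cast<char>(hi * 16 + lo);
                i += 2;  // skip the two hex digits just consumed
                continue;
            }
        }
        out += input[i];
    }
    return out;
}

// Number of characters (code points) in a UTF-8 string: count every byte that is
// not a continuation byte (10xxxxxx).
size_t characterCount(const std::string& utf8) {
    size_t n = 0;
    for (unsigned char c : utf8)
        if ((c & 0xC0) != 0x80) ++n;
    return n;
}

// Assumed model of the defect: the decoder is handed the character count instead of
// the byte count. For ASCII-only input both are equal, so the bug is invisible; each
// accented character makes the decoded result one byte shorter than it should be.
std::string decodeURLBuggy(const std::string& input) {
    return decodeBytes(input, characterCount(input));
}

// Corrected caller: decode every byte of the input.
std::string decodeURLFixed(const std::string& input) {
    return decodeBytes(input, input.size());
}

// The auditor's comparison: does the script source appear in the decoded parameter?
// A truncated decode makes this return false, so the script is allowed to run.
bool scriptCameFromRequest(const std::string& scriptSource, const std::string& decodedParam) {
    return decodedParam.find(scriptSource) != std::string::npos;
}

// Constructed sample: a request parameter carrying a script whose string literal holds a
// raw accented character, and the script source a page would echo back.
const std::string kParam  = "%3Cscript%3Etitle%3D'caf\xC3\xA9'%3C/script%3E";
const std::string kScript = "<script>title='caf\xC3\xA9'</script>";

int main() {
    std::printf("bytes=%zu characters=%zu\n", kParam.size(), characterCount(kParam));
    std::printf("buggy decode : %s -> %s\n", decodeURLBuggy(kParam).c_str(),
                scriptCameFromRequest(kScript, decodeURLBuggy(kParam)) ? "blocked" : "allowed");
    std::printf("fixed decode : %s -> %s\n", decodeURLFixed(kParam).c_str(),
                scriptCameFromRequest(kScript, decodeURLFixed(kParam)) ? "blocked" : "allowed");
    return 0;
}
```

With the constructed parameter the byte count is 40 and the character count 39, so the buggy path stops one byte early, leaves the final `%3E` unresolved, and the comparison misses the script; decoding the full byte length restores the match.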
LayoutTests/ChangeLog
LayoutTests/http/tests/security/xssAuditor/img-onerror-accented-char-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/xssAuditor/img-onerror-accented-char.html [new file with mode: 0644]
WebCore/ChangeLog
WebCore/page/XSSAuditor.cpp