Changeset 48458 in webkit
- Timestamp: Sep 16, 2009 11:45:17 PM (15 years ago)
- Location: trunk
- Files: 2 added, 3 edited
trunk/LayoutTests/ChangeLog
r48457 r48458 1 2009-09-16 Daniel Bates <dbates@webkit.org> 2 3 Reviewed by Darin Adler. 4 5 https://bugs.webkit.org/show_bug.cgi?id=29306 6 7 Tests that scripts with accented characters do not bypass the XSSAuditor. 8 9 * http/tests/security/xssAuditor/img-onerror-accented-char-expected.txt: Added. 10 * http/tests/security/xssAuditor/img-onerror-accented-char.html: Added. 11 1 12 2009-09-16 Adam Barth <abarth@webkit.org> 2 13 -
trunk/WebCore/ChangeLog
r48456 r48458 1 2009-09-16 Daniel Bates <dbates@webkit.org> 2 3 Reviewed by Darin Adler. 4 5 https://bugs.webkit.org/show_bug.cgi?id=29306 6 7 Fixes an issue where an attack that contains accented characters can 8 bypass the XSSAuditor. 9 10 XSSAuditor::decodeURL used the wrong length for the input string. 11 When the input string was decoded, the decoded result was truncated. 12 Hence, XSSAuditor was comparing the source code of the script to the 13 truncated input parameters. 14 15 Test: http/tests/security/xssAuditor/img-onerror-accented-char.html 16 17 * page/XSSAuditor.cpp: 18 (WebCore::XSSAuditor::decodeURL): 19 1 20 2009-09-16 Brady Eidson <beidson@apple.com> 2 21 -
trunk/WebCore/page/XSSAuditor.cpp
r47858 r48458 176 176 url.replace('+', ' '); 177 177 result = decodeURLEscapeSequences(url); 178 String decodedResult = encoding.decode(result.utf8().data(), result.length()); 178 CString utf8Url = result.utf8(); 179 String decodedResult = encoding.decode(utf8Url.data(), utf8Url.length()); 179 180 if (!decodedResult.isEmpty()) 180 181 result = decodedResult;
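Review bot: In the trunk/WebCore/page/XSSAuditor.cpp hunk, the corrected call at new line 179 depends on `utf8Url.length()` being the byte length of the buffer passed to `encoding.decode`, and nothing in the code says so. The removed line paired `result.utf8().data()` with `result.length()`, the length of the String rather than of its UTF-8 bytes, which is the truncation the ChangeLog describes. A one-line comment above `CString utf8Url = result.utf8();` stating that the length must be taken from the CString would make it harder for a later cleanup to reintroduce the mismatch. Naming nit: `utf8Url` holds the UTF-8 form of `result` (the output of `decodeURLEscapeSequences`), not of `url`, so something like `utf8Result` would read more accurately. The existing fallback `if (!decodedResult.isEmpty())` keeps the undecoded `result` whenever the decode returns an empty string; that behaviour is unchanged by this patch, but it is worth confirming that the new test covers the non-empty path, so that the comparison really runs against the fully decoded input.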