DescriptionPrevent linear-time forcing of tokens by inducing XSSAuditor page blocks.
The page itself must control where the fragment to match ends,
otherwise leading-substring matches may be induced. The pre-conditions
required for this are expected to be uncommon.
BUG=498982
Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=196971
Patch Set 1 : Test cases #Patch Set 2 : Fix leading substring match. #Patch Set 3 : Fix expected result. #
Total comments: 1
Patch Set 4 : Style. #
Messages
Total messages: 7 (3 generated)
|