Chromium Code Reviews

Issue 1187843005: XSSAuditor: Don't give a pass to subsequent script blocks if first one is empty. (Closed)

Created: 2 years ago by Tom Sepez
Modified: 2 years ago
Reviewers: Mike West
CC: blink-reviews, blink-reviews-html_chromium.org, dglazkov+blink
Target Ref: refs/heads/master
Project: blink
Visibility: Public.

Description

XSSAuditor: Don't give a pass to subsequent script blocks if first one is empty.

Script bodies are filtered in chunks with the earliest chunk controlling the suppression of subsequent ones. But we may fail to match if the first chunk can be reduced to an empty string. Keep looking in that case.

BUG=500877

Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=197282

Patch Set 1 #

Messages

Total messages: 10 (4 generated)
Tom Sepez
Mike, for review. Legitimate bypass.
2 years ago (2015-06-16 18:21:55 UTC) #2
Mike West
Makes sense to me, thanks for adding the test. LGTM.
2 years ago (2015-06-17 08:49:42 UTC) #3
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1187843005/1
2 years ago (2015-06-17 17:38:21 UTC) #5
commit-bot: I haz the power
Try jobs failed on following builders: win_blink_rel on tryserver.blink (JOB_FAILED, http://build.chromium.org/p/tryserver.blink/builders/win_blink_rel/builds/67057)
2 years ago (2015-06-17 18:20:52 UTC) #7
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1187843005/1
2 years ago (2015-06-17 19:19:06 UTC) #9
commit-bot: I haz the power
2 years ago (2015-06-17 21:30:25 UTC) #10
Message was sent while issue was closed.
Committed patchset #1 (id:1) as https://src.chromium.org/viewvc/blink?view=rev&revision=197282
