Issue 125513003: Test case for when the XSS vector is in the path.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Issue 125513003: Test case for when the XSS vector is in the path. (Closed)

Created:
6 years, 11 months ago by Tom Sepez

Modified:
6 years, 11 months ago

Reviewers:
abarth-chromium

CC:
blink-reviews

Base URL:
svn://svn.chromium.org/blink/trunk

Visibility:
Public.

More Reviews

Description

Test case for when the XSS vector is in the path. We don't cover this very well at the moment, assuming instead that the path portion of the URL is handled in the same way as the query args (and in fact, the code doesn't break down the URL to distinguish these in any way so this seemed reasonable). BUG=330972 Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=164746

Patch Set 1 #

Patch Set 2 : Rebase test. #

Created: 6 years, 11 months ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+35 lines, -7 lines)			Patch
A	LayoutTests/http/tests/security/xssAuditor/intercept/.htaccess	View		1 chunk	+2 lines, -0 lines	0 comments	Download
A +	LayoutTests/http/tests/security/xssAuditor/reflection-in-path.html	View		1 chunk	+6 lines, -6 lines	0 comments	Download
A	LayoutTests/http/tests/security/xssAuditor/reflection-in-path-expected.txt	View	1	1 chunk	+9 lines, -0 lines	0 comments	Download
A	LayoutTests/http/tests/security/xssAuditor/resources/echo-form-action.pl	View		1 chunk	+16 lines, -0 lines	0 comments	Download
M	Tools/Scripts/webkitpy/layout_tests/servers/lighttpd.conf	View		1 chunk	+2 lines, -1 line	0 comments	Download

Messages

Total messages: 5 (0 generated)

Expand Messages | Collapse Messages

Tom Sepez

Adam, please review. These tests show that we handle xss in paths properly given some ...

6 years, 11 months ago (2014-01-07 18:36:35 UTC) #1

Tom Sepez

On 2014/01/07 18:36:35, Tom Sepez wrote: > Adam, please review. These tests show that we ...

6 years, 11 months ago (2014-01-09 00:31:15 UTC) #2

commit-bot: I haz the power

CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/tsepez@chromium.org/125513003/40001

6 years, 11 months ago (2014-01-09 06:06:04 UTC) #4

Message was sent while issue was closed.

Change committed as 164746

Expand Messages | Collapse Messages