Issue 421623003: XSSAuditor: treat questionmark as a non-canonical character.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Issue 421623003: XSSAuditor: treat questionmark as a non-canonical character. (Closed)

Created:
6 years, 5 months ago by Tom Sepez

Modified:
6 years, 4 months ago

Reviewers:
abarth-chromium

CC:
blink-reviews, blink-reviews-html_chromium.org, dglazkov+blink

Base URL:
svn://svn.chromium.org/blink/trunk

Project:
blink

Visibility:
Public.

More Reviews

Description

XSSAuditor: treat questionmark as a non-canonical character. We've seen recent examples of servers that replace an invalid set of of high-bytes with a literal questionmark. We are already excluding the high bytes from consideration, so we do the same with the questionmark to ensure a match should this happen. To test this, we hack up our "server script" to replace an arbitrary high byte with a questionmark. This is sufficient for testing although it may not match any real server. BUG=395351 Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=179161

Patch Set 1 #

Created: 6 years, 5 months ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Stats (+13 lines, -7 lines)			Patch
M	LayoutTests/http/tests/security/xssAuditor/resources/echo-intertag.pl	View	1 chunk	+5 lines, -1 line	0 comments	Download
A +	LayoutTests/http/tests/security/xssAuditor/script-tag-replaced-with-questionmark.html	View	1 chunk	+1 line, -1 line	0 comments	Download
A +	LayoutTests/http/tests/security/xssAuditor/script-tag-replaced-with-questionmark-expected.txt	View	1 chunk	+1 line, -3 lines	0 comments	Download
M	Source/core/html/parser/XSSAuditor.cpp	View	1 chunk	+6 lines, -2 lines	0 comments	Download

Messages

Total messages: 4 (0 generated)

Expand Messages | Collapse Messages

commit-bot: I haz the power

CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/tsepez@chromium.org/421623003/1

6 years, 4 months ago (2014-07-29 16:31:34 UTC) #3

Message was sent while issue was closed.

Change committed as 179161

Expand Messages | Collapse Messages