Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(154)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 23441066: XSSAuditor bypass with frameset tags. (Closed)

Created:
7 years, 3 months ago by Tom Sepez
Modified:
7 years, 3 months ago
Reviewers:
abarth-chromium
CC:
blink-reviews, dglazkov+blink, adamk+blink_chromium.org
Visibility:
Public.

Description

Patch Set 1 #

Total comments: 2

Patch Set 2 : Rename function. #

Unified diffs Side-by-side diffs Delta from patch set Stats (+17 lines, -9 lines) Patch
A + LayoutTests/http/tests/security/xssAuditor/frameset-injection.html View 1 chunk +1 line, -1 line 0 comments Download
A + LayoutTests/http/tests/security/xssAuditor/frameset-injection-expected.txt View 1 chunk +1 line, -1 line 0 comments Download
M LayoutTests/http/tests/security/xssAuditor/resources/echo-intertag.pl View 2 chunks +10 lines, -2 lines 0 comments Download
M Source/core/html/parser/XSSAuditor.h View 1 1 chunk +1 line, -1 line 0 comments Download
M Source/core/html/parser/XSSAuditor.cpp View 1 2 chunks +4 lines, -4 lines 0 comments Download

Messages

Total messages: 7 (0 generated)
Tom Sepez
Adam, please review.
7 years, 3 months ago (2013-09-13 20:14:22 UTC) #1
abarth-chromium
LGTM. That's embarassing. Sorry for missing that one. :( https://codereview.chromium.org/23441066/diff/1/Source/core/html/parser/XSSAuditor.cpp File Source/core/html/parser/XSSAuditor.cpp (right): https://codereview.chromium.org/23441066/diff/1/Source/core/html/parser/XSSAuditor.cpp#newcode357 Source/core/html/parser/XSSAuditor.cpp:357: ...
7 years, 3 months ago (2013-09-13 21:19:51 UTC) #2
Tom Sepez
https://codereview.chromium.org/23441066/diff/1/Source/core/html/parser/XSSAuditor.cpp File Source/core/html/parser/XSSAuditor.cpp (right): https://codereview.chromium.org/23441066/diff/1/Source/core/html/parser/XSSAuditor.cpp#newcode357 Source/core/html/parser/XSSAuditor.cpp:357: didBlockScript |= filterIframeToken(request); On 2013/09/13 21:19:51, abarth wrote: > ...
7 years, 3 months ago (2013-09-13 21:29:28 UTC) #3
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/tsepez@chromium.org/23441066/7001
7 years, 3 months ago (2013-09-13 21:34:02 UTC) #4
commit-bot: I haz the power
Retried try job too often on win_blink_rel for step(s) webkit_tests http://build.chromium.org/p/tryserver.chromium/buildstatus?builder=win_blink_rel&number=5641
7 years, 3 months ago (2013-09-13 23:35:04 UTC) #5
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/tsepez@chromium.org/23441066/7001
7 years, 3 months ago (2013-09-14 00:38:17 UTC) #6
commit-bot: I haz the power
7 years, 3 months ago (2013-09-14 02:03:19 UTC) #7
Message was sent while issue was closed. 
Change committed as 157794

Powered by Google App Engine
This is Rietveld 408576698