The source could not be displayed because it is larger than 1 MB.
You can
load it anyway or download it
instead.
-
abarth@webkit.org authored
Reviewed by David Levin. Remove XSSAuditor false positive for Google Translate https://bugs.webkit.org/show_bug.cgi?id=34242 Add a test that we allow attackers to inject directly into the href property of the base tag. * http/tests/security/xssAuditor/base-href-direct-expected.txt: Added. * http/tests/security/xssAuditor/base-href-direct.html: Added. * http/tests/security/xssAuditor/resources/echo-head-base-href-direct.pl: Added. 2010-01-28 Adam Barth <abarth@webkit.org> Reviewed by David Levin. Remove XSSAuditor false positive for Google Translate https://bugs.webkit.org/show_bug.cgi?id=34242 Google translate takes a base URL as a parameter, causing a false positive in the XSS filter. This patch removes the false positive by allowing direct injections into the href property of the base tag. Test: http/tests/security/xssAuditor/base-href-direct.html * page/XSSAuditor.cpp: (WebCore::XSSAuditor::canSetBaseElementURL): git-svn-id: svn://svn.chromium.org/blink/trunk@54010 bbb929c8-8fbe-4397-9dbb-9b2b20218538f4902b85