Revision 164749


Author: tsepez@chromium.org
Date: Thu Jan 9 07:54:09 2014 UTC (9 years, 4 months ago)
Changed paths: 4
Log Message:
XSSAuditor takes post body from current request, not the original request.

In the face of a redirect, the information in the original body can't be
reflected in the final page, when we redirect from post to get, since the
get has no body.  And for a 307-style redirect from post to post, the body
will appear in the final post.

This avoids some false positives and also the possibility of some info
leaks from the original post.

BUG=331725
R=abarth@chromium.org

Review URL: https://codereview.chromium.org/128823003
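
The redirect reasoning in the log message, as an added example (a simplified model written for this page, not code from the commit or from Blink's XSSAuditor). The names Request, followRedirect, currentRequest and bodyReflects are hypothetical, the sample request is constructed, and the substring match is an assumed stand-in for the auditor's real comparison.

```cpp
// Added illustration: a simplified model, not Blink's XSSAuditor code.
#include <iostream>
#include <string>
#include <vector>

struct Request {
    std::string method;  // only "GET" and "POST" are modelled
    std::string body;    // empty when the request carries no body
};

// One redirect hop. 307/308 keep method and body; for 301/302/303 a
// POST is re-issued as a GET, which has no body.
Request followRedirect(const Request& r, int status) {
    if (status == 307 || status == 308)
        return r;
    return Request{"GET", ""};
}

// The request that actually produced the final page.
Request currentRequest(Request r, const std::vector<int>& redirects) {
    for (int status : redirects)
        r = followRedirect(r, status);
    return r;
}

// Stand-in for the auditor's reflection test (assumption: plain substring
// match; the real auditor canonicalizes both sides first).
bool bodyReflects(const Request& audited, const std::string& pageScript) {
    return !audited.body.empty() &&
           audited.body.find(pageScript) != std::string::npos;
}

int main() {
    // Constructed sample: a static page whose own script happens to match
    // text in an earlier POST body.
    const std::string script = "<script>var x = 1;</script>";
    const Request original{"POST", "q=" + script};

    std::cout << std::boolalpha
              << "audit original body after 302: "
              << bodyReflects(original, script) << "\n"
              << "audit current body after 302:  "
              << bodyReflects(currentRequest(original, {302}), script) << "\n"
              << "audit current body after 307:  "
              << bodyReflects(currentRequest(original, {307}), script) << "\n";
    return 0;
}
```

Auditing the original body flags the static page after a POST-to-GET redirect, which is the false positive the log message describes; auditing the current request does not, while a 307 still carries the body forward and is still checked.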

Changed paths

Path (Details)
trunk/LayoutTests/http/tests/security/xssAuditor/resources/static-script.html (added, text changed, props changed; copied from trunk/LayoutTests/fast/events/resources/before-unload-in-subframe-destination.html, r164748)
trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-post-redirect-expected.txt (added)
trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-post-redirect.html (added)
trunk/Source/core/html/parser/XSSAuditor.cpp (modified, text changed)

Properties

Name Value
commit-bot commit-bot@chromium.org
