New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 629789 link

Starred by 1 user
Status: WontFix
Owner: ----
Closed: Aug 2016
Cc:
rnimmagadda@chromium.org
durga.behera@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Bug



Sign in to add a comment

Cross-Site Scripting XSS in Google Chrome

Reported by marwannh...@gmail.com, Jul 20 2016 
Chrome Version       : version 51.0.2704.103
URLs (if applicable) :
Other browsers tested:
  
    Firefox: OK
         IE: fail

steps will reproduce the problem:
(1)open google chrome
(2)then,go to this link: 
   data:text/html;script,"><script>alert('xss by marwan')</script>

What is the expected result? What happens instead?
As you can see my name(xss by marwan) that we have given in parentheses displayed, and this is proof that the application is infected Vulnerability

additional information below. Attach a screenshot:

Comment 1 by durga.behera@chromium.org, Jul 21 2016

Cc: durga.behera@chromium.org
Components: UI>Browser>Preferences>Protector
Labels: Needs-Feedback M-51
On a Win 7 machine Chrome 51.0.2704.106 and canary 54.0.2803.0 as well FireFox displays the same.
Not sure if its really an issue.
Cced respective dev group to further triage it.

On the other note what is the expected result and what is the OS used.

Comment 2 by rnimmagadda@chromium.org, Aug 24 2016

Cc: rnimmagadda@chromium.org
Labels: -Needs-Feedback
Status: WontFix (was: Unconfirmed)
Due to lack of user response we are closing this issue for now. Please feel free to file a new issue if you come across this issue again.

Sign in to add a comment