Issue 692365

Issue metadata

Status: WontFix
Owner:
Closed: Feb 2017
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 2
Type: Bug


Chrome XSS Auditor Bypass.

Reported by mishra.d...@gmail.com, Feb 15 2017

Issue description

UserAgent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0

Steps to reproduce the problem:
Code:

What is the expected behavior?

What went wrong?
<!DOCTYPE html>
<html>
<head>
<script>
if (window.testRunner) {
    testRunner.dumpAsText();
    testRunner.setXSSAuditorEnabled(true);
}
</script>
</head>
<body>
<img src="x" onerror="alert('bye');//!!!&lt;/html">
</body>
</html>

Please find the attachment for reference.

Did this work before? N/A 

Chrome version: 56.0.2924.87 (Official Build) (64-bit)  Channel: stable
OS Version: 6.1 (Windows 7, Windows Server 2008 R2)
Flash Version: Shockwave Flash 24.0 r0

Attachment: 12.html (245 bytes)

Comment 1 by och...@chromium.org, Feb 15 2017

Components: Blink>SecurityFeature
Labels: -Type-Bug-Security -Restrict-View-SecurityTeam Type-Bug
Owner: tsepez@chromium.org
Status: WontFix (was: Unconfirmed)
Unless I'm misunderstanding something here, this isn't something XSS auditor can detect. Nothing here seems to be the result of a bad query parameter being injected into the page.

Keeping tsepez in the loop in case I'm wrong.

Comment 2 by tsepez@chromium.org, Feb 15 2017

No, we'd need to have the URL contain an encoded representation of the payload. There's nothing here pulled from a URL.
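
The point made in comments 1 and 2, as an added example that is not part of the original thread and is not Chrome's XSSAuditor code: a reflection-based filter only acts on script-bearing markup that also appears, after decoding, in the request. The helper names, the `test.example` URLs and the three-pass decoding limit are assumptions made for illustration.

```javascript
// Simplified model of a reflection-based XSS filter (illustrative assumption,
// not the XSSAuditor implementation).

// Canonicalize for comparison: repeated URL-decoding, lowercase, no whitespace.
function canonicalize(s) {
  let prev;
  let cur = s.replace(/\+/g, " ");
  for (let i = 0; i < 3 && cur !== prev; i++) {
    prev = cur;
    try { cur = decodeURIComponent(cur); } catch (e) { break; } // malformed %-escape
  }
  return cur.toLowerCase().replace(/\s+/g, "");
}

// Collect inline event-handler attributes (on*="...") from the response markup.
function eventHandlers(html) {
  const out = [];
  const re = /\s(on[a-z]+)\s*=\s*"([^"]*)"/gi;
  let m;
  while ((m = re.exec(html)) !== null) out.push(`${m[1]}="${m[2]}"`);
  return out;
}

// A handler counts as reflected only if its canonical form occurs in the URL.
function reflectedHandlers(requestUrl, responseHtml) {
  const haystack = canonicalize(requestUrl);
  return eventHandlers(responseHtml)
    .filter((h) => haystack.includes(canonicalize(h)));
}

// Markup from the report, served as a response body.
const MARKUP = `<img src="x" onerror="alert('bye');//!!!&lt;/html">`;
const RESPONSE = `<!DOCTYPE html><html><body>${MARKUP}</body></html>`;

// Constructed request URLs: a static file, and an endpoint echoing a parameter.
const STATIC_URL = "http://test.example/12.html";
const REFLECTED_URL =
  "http://test.example/echo?q=" + encodeURIComponent(MARKUP);

console.log(reflectedHandlers(STATIC_URL, RESPONSE));    // nothing to match
console.log(reflectedHandlers(REFLECTED_URL, RESPONSE)); // the onerror handler
```

With the static URL there is no request data to compare against, which is the reason given for closing the report as WontFix.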
