Issue 696288

Issue metadata

Status: WontFix
Owner: ----
Closed: Feb 2017
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug-Security



UXSS via Bookmark

Reported by mishra.d...@gmail.com, Feb 26 2017

Issue description

UserAgent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:51.0) Gecko/20100101 Firefox/51.0

Steps to reproduce the problem:
Show a warning when a user tries to bookmark a javascript: url.

What is the expected behavior?

What went wrong?
Attaching the Video POC for reference 

Did this work before? N/A 

Chrome version: 57.0.2987.74 (Official Build) beta (64-bit)  Channel: beta
OS Version: V8 5.7.492.55
Flash Version: Shockwave Flash 24.0 r0
 
Attachment: Chrome_Beta_UXSS.mp4 (1.3 MB)
Labels: -Restrict-View-SecurityTeam allpublic
Status: WontFix (was: Unconfirmed)
This is called a "Bookmarklet" and it's a feature that is working as intended.

This is discussed here: 
https://www.chromium.org/Home/chromium-security/security-faq#TOC-Does-entering-JavaScript:-URLs-in-the-URL-bar-or-running-script-in-the-developer-tools-mean-there-s-an-XSS-vulnerability-
