
Issue 712027


Issue metadata

Status: WontFix
Owner: ----
Closed: Apr 2017
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug-Security




Security: xss & html injection

Reported by wawawawa...@gmail.com, Apr 16 2017

Issue description

I found a bug in your browser.
With this bug the attacker can inject a payload or HTML & JS scripts.
The vulnerable link is:
data:text/html,*********

We all say that JS runs in data URLs, but this running is dangerous; it's a special case...

- PoC of XSS: data:text/html,<script>alert(1)</script>


- PoC of open redirecting: data:text/html,<script>location.replace("https://google.com")</script>

- PoC of HTML injection: data:text/html,html source code of google.com (it is long, and this can also be scam source code)

HTML exploit example: <a href="data:text/html,************">new offer!!</a>
 
Status: WontFix (was: Unconfirmed)
Thank you for your report. All these PoCs are typical uses of data:uri + html/js -- I don't see anything new here. Also, navigation to data:uris will be blocked in M59, so these will be moot.
Project Member

Comment 2 by sheriffbot@chromium.org, Jul 24 2017

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
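
One way a site that renders user-supplied links can refuse the `<a href="data:text/html,...">` case from the report, as an added example that is not part of the original thread or of Chromium's code. The names `naiveIsSafe`, `isSafeHref`, `filterLinks`, `ALLOWED_SCHEMES` and the `example.test` base URL are assumptions made for the illustration.

```javascript
// Added example: scheme allowlist for user-supplied link targets.
// All names and the base URL below are hypothetical.
const ALLOWED_SCHEMES = new Set(["http:", "https:", "mailto:"]);
const BASE = "https://example.test/"; // assumed origin used to resolve relative links

// Weak check: a literal prefix test misses case and leading-whitespace variants.
function naiveIsSafe(href) {
  return !href.startsWith("data:");
}

// Corrected check: parse the value the way the browser will, then allowlist
// the resulting scheme instead of trying to denylist spellings of "data:".
function isSafeHref(href) {
  if (typeof href !== "string") return false;
  let parsed;
  try {
    // The WHATWG URL parser trims surrounding whitespace and lowercases the
    // scheme, so parsed.protocol is the scheme the browser would act on.
    parsed = new URL(href, BASE);
  } catch {
    return false; // unparseable input is rejected, not passed through
  }
  return ALLOWED_SCHEMES.has(parsed.protocol);
}

// Annotate a list of candidate hrefs with the allowlist decision.
function filterLinks(hrefs) {
  return hrefs.map((href) => ({ href, allowed: isSafeHref(href) }));
}

// Constructed sample inputs (not taken from the report).
const SAMPLES = [
  "https://example.test/offer",
  "/relative/path",
  "data:text/html,<b>new offer!!</b>",
  "  DATA:text/html,<b>new offer!!</b>",
];

for (const { href, allowed } of filterLinks(SAMPLES)) {
  console.log(allowed ? "allow " : "reject", JSON.stringify(href));
}
```
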
