XSS Auditor Bypass via OnAuxClick
Reported by mishra.d...@gmail.com, May 18 2017
Issue description
UserAgent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:45.0) Gecko/20100101 Firefox/45.0
Steps to reproduce the problem:
Code :
<!DOCTYPE html>
<html>
<head>
<script>
if (window.testRunner) {
testRunner.dumpAsText();
testRunner.setXSSAuditorEnabled(true);
}
</script>
</head>
<body>
<button onauxclick=alert(1)>Right-Click Me</button>
</body>
</html>
What is the expected behavior?
What went wrong?
Please save the above code in an .html file and right-click on the respective button; it generates an XSS.
Did this work before? N/A
Chrome version: 58.0.3029.110 (Official Build) (64-bit) Channel: stable
OS Version: 6.1 (Windows 7, Windows Server 2008 R2)
Flash Version:
May 18 2017
The reference was taken from Bug ID 690028#c5; Tom shared a link for one of my test cases.
May 18 2017
This bug seems to reflect the same confusion as shown in 690028. The XSS Auditor does not ever block script from executing in the page unless the XSS Auditor can determine that the script in question was supplied in the URL or a POST body that was sent to the target page. Simple execution of script in HTML does not suggest a bypass of the XSS Auditor.
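A simplified model of the reflection check described in the comment above, added here as an illustration. It is not Chrome's XSS Auditor code; the function names, decoding depth, matching rule and sample URLs are assumptions.

```javascript
// Simplified model of a reflection-based XSS filter (assumed rules, not Chrome's).

// Decode request data a few times so percent-encoded input compares equal.
function decodeRequestData(raw) {
  let out = raw.replace(/\+/g, ' ');
  for (let i = 0; i < 3; i++) {
    try {
      const next = decodeURIComponent(out);
      if (next === out) break;
      out = next;
    } catch (e) {
      break; // malformed escape: compare what has been decoded so far
    }
  }
  return out.toLowerCase();
}

// Collect inline event-handler attributes (on*=...) from response markup.
function findInlineHandlers(html) {
  const re = /\s(on[a-z]+)\s*=\s*("([^"]*)"|'([^']*)'|([^\s>]+))/gi;
  const handlers = [];
  let m;
  while ((m = re.exec(html)) !== null) {
    handlers.push({ name: m[1].toLowerCase(), code: m[3] ?? m[4] ?? m[5] });
  }
  return handlers;
}

// A handler counts as reflected only if its name and code both appear
// in the URL or POST body that produced the page.
function auditResponse(requestUrl, postBody, responseHtml) {
  const haystack = decodeRequestData(requestUrl + '\n' + (postBody || ''));
  return findInlineHandlers(responseHtml).map((h) => ({
    ...h,
    reflected: h.code.length > 0 &&
      haystack.includes(h.name + '=') &&
      haystack.includes(h.code.toLowerCase()),
  }));
}

// Constructed inputs: the report's static markup, then the same markup
// echoed back from a query parameter.
const page = '<body><button onauxclick=alert(1)>Right-Click Me</button></body>';
const staticCase = auditResponse('https://example.test/static.html', '', page);
const reflectedCase = auditResponse(
  'https://example.test/search?q=%3Cbutton%20onauxclick%3Dalert(1)%3E', '', page);
console.log(staticCase[0].reflected, reflectedCase[0].reflected);
```

The static page from the report yields `reflected: false`, so a filter of this kind has nothing to act on; only the second case, where the handler was supplied in the request, is in scope for it.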
Aug 25 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by elawrence@chromium.org, May 18 2017
Summary: XSS Auditor Bypass via OnAuxClick (was: XSS Auditor Bypass)