Issue 760872

Issue metadata

Status: Duplicate
Merged: issue 257168
Owner: ----
Closed: Aug 2017
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug




XSS Filter Bypass when target is */xml

Reported by qhdrn1...@gmail.com, Aug 31 2017

Issue description

Test environment: Chrome for Mac (60.0.3112.113)

XSS Filtering is normally applied when the content-type is text/html, but it is applied to text/xml or application/xml

TEST URL : http://123.123.123.123/lloyd.php?test=<script xmlns="http://www.w3.org/1999/xhtml">alert(1234)</script>


Attachment: chrome xss.mov (5.7 MB)

Comment 1 by qhdrn1...@gmail.com, Aug 31 2017

XSS Filtering is normally applied when the content-type is text/html, but it is not applied to text/xml or application/xml

Components: Blink>SecurityFeature>XSSAuditor
Labels: -Type-Bug-Security -Restrict-View-SecurityTeam Type-Bug
Summary: XSS Filter Bypass when target is */xml (was: Security: Chrome(60.0.3112.113) XSS Filter Bypass Vulnerability)
We track XSS Auditor issues as functional issues rather than security vulnerabilities: https://dev.chromium.org/Home/chromium-security/security-faq#TOC-Are-XSS-filter-bypasses-considered-security-bugs-


Comment 3 by tsepez@chromium.org, Aug 31 2017

Mergedinto: 257168
Status: Duplicate (was: Unconfirmed)
Everything you say is true, but this is a known limitation of the XSSAuditor. It is part of the HTML parser, not the XML parser and unfortunately will not be able to cover these situations.
