
Issue 789915


Issue metadata

Status: Duplicate
Merged: issue 780897
Owner: ----
Closed: Nov 2017
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug-Security




Security: xss in data:text/html

Reported by 0xak...@gmail.com, Nov 30 2017

Issue description

This is the PoC: data:text/html;base64,PHNjcmlwdD5hbGVydCgiYWtyZW0iKTwvc2NyaXB0Pg==

PoC ( <script>('alert')</script> ) into base64
 

Comment 1 by 0xak...@gmail.com, Nov 30 2017

Attachment: Screenshot from 2017-11-30 12-33-44.png (14.5 KB)
Status: WontFix (was: Unconfirmed)
This isn't an XSS attack, it's simply a text document served via a data URI that contains script. This is working as expected, and does not give the "attacker" any permissions of interest (as the code runs from an anonymous origin).
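
The point made in the comment above, as an added example (not code from the Chromium project or from the reporter): decoding the reported data: URL and asking the WHATWG URL parser for its origin shows that the document gets the opaque origin "null". It assumes Node.js (global `URL` and `Buffer`); `parseDataUrl` is a hypothetical helper name.

```javascript
// Added example. Sample input: the PoC string quoted in the report.
const POC =
  'data:text/html;base64,PHNjcmlwdD5hbGVydCgiYWtyZW0iKTwvc2NyaXB0Pg==';

// Parse a data: URL (RFC 2397: data:[<mediatype>][;base64],<data>) and
// report what it would render plus the origin the URL parser assigns.
function parseDataUrl(input) {
  const url = new URL(input); // throws TypeError on malformed input
  if (url.protocol !== 'data:') {
    throw new TypeError('not a data: URL');
  }
  // Everything after "data:" except the fragment.
  const rest = url.pathname + url.search;
  const comma = rest.indexOf(',');
  if (comma === -1) {
    throw new TypeError('data: URL has no comma separator');
  }
  const params = rest.slice(0, comma).split(';').map((p) => p.trim());
  const payload = rest.slice(comma + 1);

  // ";base64" only counts as the final parameter before the comma.
  const isBase64 =
    params.length > 1 && params[params.length - 1].toLowerCase() === 'base64';
  if (isBase64) params.pop();

  // RFC 2397 default when the media type is omitted.
  const mediaType = params[0]
    ? params.join(';').toLowerCase()
    : 'text/plain;charset=us-ascii';
  const body = isBase64
    ? Buffer.from(decodeURIComponent(payload), 'base64').toString('utf8')
    : decodeURIComponent(payload);

  return {
    mediaType,
    isBase64,
    body,
    rendersAsHtml: mediaType.split(';')[0] === 'text/html',
    // Non-special schemes such as data: have an opaque origin, which
    // serializes as the string "null" and is same-origin with no site.
    origin: url.origin,
  };
}

console.log(parseDataUrl(POC));
```
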
Mergedinto: 780897
Status: Duplicate (was: WontFix)
Project Member

Comment 4 by sheriffbot@chromium.org, Mar 9 2018

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
