angler-fishThe Vulnerability History Project

Prevent linear-time forcing of tokens by inducing XSSAuditor page blocks.

      The page itself must control where the fragment to match ends,
otherwise leading-substring matches may be induced.  The pre-conditions
required for this are expected to be uncommon.

BUG=498982

Review URL: https://codereview.chromium.org/1179633002

git-svn-id: svn://svn.chromium.org/blink/trunk@196971 bbb929c8-8fbe-4397-9dbb-9b2b20218538
by Bernard the Sea Lion 2015-06-11 20:25:33 UTC
commit a9b3b3ea911c133c2575fd1c1c2e7571068d55c0
Chromium Fix CVE-2015-1285
third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/form-action-token-fragment-expected.txt
-8
third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/form-action-token-fragment.html
-29
third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/resources/echo-form-action.pl
+1 -5
third_party/WebKit/Source/core/html/parser/XSSAuditor.cpp
+1 -8
expand_less