Closed
Bug 786149
Opened 12 years ago
Closed 12 years ago
Universal XSS using utf-16be content with utf-16le header
Categories
(Core :: Internationalization, defect)
Core
Internationalization
Tracking
()
RESOLVED
FIXED
mozilla19
People
(Reporter: emk, Unassigned)
References
Details
Attachments
(1 file)
96 bytes,
text/html;charset=utf-16le
|
Details |
Only Firefox is vulnerable atm.
Reporter | ||
Updated•12 years ago
|
Attachment #655865 -
Attachment description: text/html;charset=utf-16le → Testcase
Attachment #655865 -
Attachment mime type: text/html → text/html;charset=utf-16le
Reporter | ||
Comment 1•12 years ago
|
||
Maybe we also need to implement "BOM trumps everything" rule per Encoding spec before fixing this.
Depends on: 716579
Reporter | ||
Comment 2•12 years ago
|
||
Fixed by bug 716579.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Reporter | ||
Updated•12 years ago
|
Target Milestone: --- → mozilla19
You need to log in
before you can comment on or make changes to this bug.
Description
•