Closed Bug 411791 Opened 17 years ago Closed 14 years ago

Content Restriction tests that reflect the threat model

Categories

(Core :: Security, defect)

x86
All
defect
Not set
normal

RESOLVED FIXED

People

(Reporter: sayrer, Assigned: bsterne)

This should be a set of HTML pages, and a PAC file that aliases evil.example.com.

At a minimum, it should test inline scripts, javascript: URLs, all event handler attributes (onclick, etc.), plugins, frames, data: URLs, and XBL.
Blocks: 390910
The plugin tests should include malicious Java plugins and Flash plugins.
Also LiveConnect
Assignee: dveditz → nobody
Brandon's on this, I believe. We can probably get some whitehat help once the basics are up and running, so I think front-loading this work probably pays off.
Assignee: nobody → bsterne
Flags: wanted1.9.1+
These tests have been checked in with the CSP patches in bugs 515433, 515437, 515442, 515443, and 515458. There are also a few more that will be checked in with bug 515460 in the next week or two.
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED