Closed GoogleCodeExporter closed 9 years ago
Submit this code to: http://blog.supremedesign.ru/xss
<div style="color:red; margin-top:-120px; border:red solid;
background:blue;">test</div>
Original comment by designbi...@gmail.com
on 17 Aug 2008 at 4:08
Original comment by arshan.d...@gmail.com
on 19 Nov 2008 at 7:10
Original comment by arshan.d...@gmail.com
on 19 Nov 2008 at 7:14
Original comment by arshan.d...@gmail.com
on 25 Nov 2008 at 10:35
Note that this issue only seems to affect IE. It had no effect in Firefox (no
other
browsers tested).
Nonetheless, changed policy file to disallow negative margins.
Accomplished by replicating all numeric regular expressions and adding a
"positive"
version. For example, I added positiveNumber to match the regular expression for
number except that it does not allow negative numbers.
Then I changed the CSS margin property allowed values to be only positive
values.
Original comment by li.jaso...@gmail.com
on 17 Mar 2009 at 3:35
Change has been checked in.
Original comment by li.jaso...@gmail.com
on 17 Mar 2009 at 3:55
Original comment by arshan.d...@gmail.com
on 3 Aug 2009 at 2:41
Original issue reported on code.google.com by
designbi...@gmail.com
on 17 Aug 2008 at 4:06