XSS Filter Bypass in Edge
Tuesday, April 19, 2016 @ 04:04 PM gHale
Security researcher Gareth Heyes has found a way to bypass Microsoft Edge’s built-in XSS filter.
XSS filters are built into most mainstream browsers (Firefox is the notable exception) and attempt to detect reflected cross-site scripting (XSS) attacks at the browser level, refusing to run script that appears both in the request and in the page the site sends back, so the injected code never executes against the site’s users.
Browser makers have been trying to bolster Web security by taking some of the simpler attacks, such as reflected XSS and CSRF, into their own hands. Anti-CSRF tokens themselves are generated and checked by the web application, not the browser; the browser-side contribution to CSRF defense lies in how cookies are scoped and sent, for example the SameSite cookie attribute.
“IE had a flaw in the past where you could use the location object as a function and combine toString/valueOf in an object literal to execute code. Basically you use the object literal as a fake array which calls the join function that constructs a string from the object literal and passes it to valueOf which in turn passes it to the location object,” Gareth Heyes said in a blog post.
As Heyes noted, the flaw was inherited: Edge is a new product, but its XSS filter carries over Internet Explorer (IE) code, and the weakness came along with it.
Microsoft fixed the issue in IE, but the fix was not carried over to Edge, where the bypass still works.