[Webkit-unassigned] [Bug 26825] innerHTML applies meta/link/title tags before getting commited.

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Jun 29 20:44:09 PDT 2009


------- Comment #4 from sirdarckcat at gmail.com  2009-06-29 20:44 PDT -------
#3 this can be used to escape a browser-level sandbox.

IE is the only other browser that executes code in "virtual" DOM (before
getting appended to the document)


This is a particular problem when a script is reconstructing a DOM by scratch.


Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the webkit-unassigned mailing list