[Webkit-unassigned] [Bug 12234] Using createContextualFragment to insert a <script> does not cause the script to execute
bugzilla-daemon at webkit.org
Mon Nov 29 08:45:09 PST 2010
https://bugs.webkit.org/show_bug.cgi?id=12234
--- Comment #11 from Adam Barth <abarth at webkit.org> 2010-11-29 08:45:08 PST ---
rniwa, thanks for being sensitive to creating XSS vulnerabilities. However, in this case, we're not opening up a new vulnerability. The attacker can already use other syntactic constructs to execute script, similar to how the attacker can run script via innerHTML even though innerHTML doesn't execute <script> tags.