[Webkit-unassigned] [Bug 193155] New: Parsed protocol of javascript URLs with embedded newlines and carriage returns do not match parsed protocol in Chrome and Firefox
bugzilla-daemon at webkit.org
Fri Jan 4 13:19:51 PST 2019
https://bugs.webkit.org/show_bug.cgi?id=193155
Bug ID: 193155
Summary: Parsed protocol of javascript URLs with embedded newlines and carriage returns do not match parsed protocol in Chrome and Firefox
Product: WebKit
Version: WebKit Local Build
Hardware: All
OS: All
Status: NEW
Severity: Normal
Priority: P2
Component: HTML DOM
Assignee: webkit-unassigned at lists.webkit.org
Reporter: dbates at webkit.org
CC: cdumez at apple.com
Created attachment 358355
--> https://bugs.webkit.org/attachment.cgi?id=358355&action=review
Test
Behavior of URLUtils.protocol() for some JavaScript URLs disagrees with the behavior in Chrome version 71.0.3578.98 and Firefox version 64.0. For instance, the URLUtils.protocol() for "javascript://:%0aalert(2)" and "javascript://:%0dalert(3)" returns ":" instead of "javascript:".
See attached test case.
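An added example, not part of the original report or WebKit's code: it extracts the scheme from the two reported URLs using the URL Standard's input preprocessing and scheme rules, then shows how a link filter that consumes the protocol getter behaves when the getter returns ":" as reported. The function names and the allowlist contents are assumptions made for illustration.

```javascript
// The two URLs quoted in the bug report.
const REPORTED = ["javascript://:%0aalert(2)", "javascript://:%0dalert(3)"];

// Scheme of a raw URL string, following the URL Standard's preprocessing
// (strip leading/trailing C0 control or space, drop ASCII tab/newline)
// and its scheme rules (ASCII alpha, then alphanumerics, "+", "-", ".").
// Returns "scheme:" in lower case, or null when no scheme is present.
function leadingScheme(input) {
  const cleaned = input
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, "")
    .replace(/[\t\n\r]/g, "");
  const m = /^([A-Za-z][A-Za-z0-9+.-]*):/.exec(cleaned);
  return m ? m[1].toLowerCase() + ":" : null;
}

// Hypothetical link filters keyed on the value a protocol getter returned.
const ALLOWED = new Set(["http:", "https:", "mailto:"]); // assumed policy
function denylistAccepts(protocol) {
  return protocol !== "javascript:"; // accepts anything it does not recognise
}
function allowlistAccepts(protocol) {
  return ALLOWED.has(protocol); // fails closed on unexpected values
}

// Evaluate both filters for one observed getter value.
function evaluate(observedProtocol) {
  return {
    denylist: denylistAccepts(observedProtocol),
    allowlist: allowlistAccepts(observedProtocol),
  };
}

for (const url of REPORTED) {
  console.log(url, "->", leadingScheme(url));
}
// ":" is the getter value the report attributes to WebKit;
// "javascript:" is the value it attributes to Chrome and Firefox.
console.log('":"           ', evaluate(":"));
console.log('"javascript:" ', evaluate("javascript:"));
```
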