[Webkit-unassigned] [Bug 193155] New: Parsed protocol of javascript URLs with embedded newlines and carriage returns do not match parsed protocol in Chrome and Firefox

bugzilla-daemon at webkit.org
Fri Jan 4 13:19:51 PST 2019


https://bugs.webkit.org/show_bug.cgi?id=193155

            Bug ID: 193155
           Summary: Parsed protocol of javascript URLs with embedded
                    newlines and carriage returns do not match parsed
                    protocol in Chrome and Firefox
           Product: WebKit
           Version: WebKit Local Build
          Hardware: All
                OS: All
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: HTML DOM
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: dbates at webkit.org
                CC: cdumez at apple.com

Created attachment 358355

  --> https://bugs.webkit.org/attachment.cgi?id=358355&action=review

Test

Behavior of URLUtils.protocol() for some JavaScript URLs disagrees with the behavior in Chrome version 71.0.3578.98 and Firefox version 64.0. For instance, the URLUtils.protocol() for "javascript://:%0aalert(2)" and "javascript://:%0dalert(3)" returns ":" instead of "javascript:".

See attached test case.

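An added example, not part of the bug report or of WebKit's code: it takes the two `protocol` values the report lists for the same href and shows how a denylist comparison and an allowlist comparison decide on each. The helper names and the allowlist contents are assumptions made for this sketch, and `protocolOf()` uses the runtime's WHATWG `URL` class rather than any browser's anchor element.

```javascript
// protocolOf() mimics the hyperlink `protocol` getter, which the HTML
// specification defines to return ":" when the href does not parse.
function protocolOf(href) {
  try {
    return new URL(href).protocol;
  } catch (e) {
    return ":"; // href did not parse
  }
}

// Hypothetical allowlist for this example.
const ALLOWED_PROTOCOLS = new Set(["http:", "https:", "mailto:"]);

// Denylist-style check: rejects only the exact value "javascript:".
function denylistAccepts(protocol) {
  return protocol !== "javascript:";
}

// Allowlist-style check: accepts only known-good values.
function allowlistAccepts(protocol) {
  return ALLOWED_PROTOCOLS.has(protocol);
}

// The two values the report gives for "javascript://:%0aalert(2)".
const REPORTED = [
  { engine: "WebKit (as reported)", protocol: ":" },
  { engine: "Chrome 71 / Firefox 64 (as reported)", protocol: "javascript:" },
];

// Decision of each check for each reported value.
function compareChecks() {
  return REPORTED.map(({ engine, protocol }) => ({
    engine,
    protocol,
    denylist: denylistAccepts(protocol),
    allowlist: allowlistAccepts(protocol),
  }));
}

// Run the allowlist over raw hrefs with whatever parser this runtime has.
function auditHrefs(hrefs) {
  return hrefs.map((href) => {
    const protocol = protocolOf(href);
    return { href, protocol, accepted: allowlistAccepts(protocol) };
  });
}

const REPORT_HREFS = ["javascript://:%0aalert(2)", "javascript://:%0dalert(3)"];
console.table(compareChecks());
console.table(auditHrefs(REPORT_HREFS.concat("https://example.org/")));
```

The allowlist gives the same decision for both reported values, so code that branches on `protocol` does not depend on which engine's parse it sees.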