[Webkit-unassigned] [Bug 254617] New: innerHTML serialization should not have a special handling for javascript: URLs
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Mar 28 13:54:12 PDT 2023
https://bugs.webkit.org/show_bug.cgi?id=254617
Bug ID: 254617
Summary: innerHTML serialization should not have a special
handling for javascript: URLs
Product: WebKit
Version: Safari Technology Preview
Hardware: Unspecified
OS: Unspecified
Status: NEW
Keywords: BrowserCompat, WPTImpact
Severity: Normal
Priority: P2
Component: DOM
Assignee: webkit-unassigned at lists.webkit.org
Reporter: ahmad.saleem792 at gmail.com
Created attachment 465640
--> https://bugs.webkit.org/attachment.cgi?id=465640&action=review
Partial Patch for Merge - Local Testing (Build) .cpp side
Hi Team,
While going through Chromium's Monorail, I came across another failing test case:
What steps will reproduce the problem?
(1) Open the following URL
data:text/html;charset=utf-8,<body> <div id=target><a href="javascript:"foobar"">link</a></div> <pre></pre> <script> alert(document.querySelector('div').innerHTML); </script> </body>
What is the expected result?
It should show an alert dialog with:
<a href="javascript:"foobar"">link</a>
What happens instead?
It shows an alert dialog with:
<a href='javascript:"foobar"'>link</a>
Chrome Bug - https://bugs.chromium.org/p/chromium/issues/detail?id=927164
Blink Commit - https://chromium.googlesource.com/chromium/src.git/+/a806a0593906b75b9396d3bbd092bdda9161bf4c
WPT Tests Progression - Two subtests of http://wpt.live/html/syntax/serializing-html-fragments/serializing.html
Just wanted to raise so we can fix and get more WPT wins and browser compat wins.
Thanks!
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20230328/8be92b88/attachment.htm>
More information about the webkit-unassigned
mailing list