[Webkit-unassigned] [Bug 254692] New: innerHTML and outerHTML escapes <, >, &, and nbsp inside `noscript`
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Mar 29 14:33:39 PDT 2023
https://bugs.webkit.org/show_bug.cgi?id=254692
Bug ID: 254692
Summary: innerHTML and outerHTML escapes <, >, &, and nbsp
inside `noscript`
Product: WebKit
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Keywords: BrowserCompat, WPTImpact
Severity: Normal
Priority: P2
Component: DOM
Assignee: webkit-unassigned at lists.webkit.org
Reporter: ahmad.saleem792 at gmail.com
CC: cdumez at apple.com, rniwa at webkit.org
Hi Team,
This is last standing bug to make us parity with other browser engines (Blink & Gecko) [pass them all] and it has impact on following WPT tests:
>> html/syntax/serializing-html-fragments/serializing.html
>> html/syntax/parsing-html-fragments/tokenizer-modes-001.html
It can be done by adding 'noscript' below but with some considerations:
https://github.com/WebKit/WebKit/commit/a641fc693f57c0b0910a0c2bbb13796b34544ef1#diff-f783bf306bb85322c91bd87f08bb25550a2b7cbc13a6eb929f5ae9283c17e3c2
________________
Blink Commit (Initial for Support) - https://chromium-review.googlesource.com/c/chromium/src/+/886646
Blink Commit (Post above - Security Bug) - https://chromium.googlesource.com/chromium/src/+/4193ecf74963e69eb6b635d429ed5944bf30124a
^ I didn't added 'noscript' due to lack of skills and with opportunity that it could lead to similar or any other security issue. Hence, I would leave it with someone else to fix it.
_________________
Appreciate if someone can take it up and fix this last remaining bit.
Thanks!
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20230329/b354250f/attachment-0001.htm>
More information about the webkit-unassigned
mailing list