Open Bug 1409251 Opened 7 years ago Updated 2 years ago

<style> elements in <svg> nodes are rendered as text when svg.disabled is set

Categories

(Core :: DOM: Security, defect, P5)

Tracking Status
firefox57 --- fix-optional
firefox58 --- affected

People

(Reporter: tjr, Unassigned)

Details

(Whiteboard: [tor][domsecurity-backlog])

When svg.disabled is enabled, <style> elements in SVG are treated as regular text. It would be better to hide them.

Example: https://codepen.io/anon/pen/xgrmrO

Source:
> <svg version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:a="http://ns.adobe.com/AdobeSVGViewerExtensions/3.0/" x="0px" y="0px" width="50.7px" height="40.3px" viewBox="0 0 50.7 40.3" style="enable-background:new 0 0 50.7 40.3;" xml:space="preserve">
> <style>
>     path {
>         fill: currentColor;
>     }
> </style>
> <g>
> 	<path d="M47.1,8.4h-2.4c-0.7,0-1.4,0.2-2,0.6c0.7-1.5,1.2-3.1,1.4-4.8c0.2-1-0.1-2.1-0.8-2.9C42.6,0.5,41.6,0,40.6,0H10.4
> 		C9.4,0,8.4,0.5,7.7,1.3C7,2.1,6.7,3.1,6.9,4.2c1,6.2,4.8,11.2,10,13.8h-6.5c-0.3,0-0.6,0-0.8,0.1v-4.9c0-2-1.6-3.6-3.6-3.6H3.6
> 		c-2,0-3.6,1.6-3.6,3.6v6.6c0,2,1.6,3.6,3.6,3.6H6c0.4,0,0.7-0.1,1.1-0.2c0.7,3.3,2.2,6.2,4.3,8.5v7.4c0,0.7,0.5,1.2,1.2,1.2
> 		c0.7,0,1.2-0.5,1.2-1.2V34c3.2,2.5,7.3,4,11.7,4c4.5,0,8.6-1.5,11.8-4.1v5.2c0,0.7,0.5,1.2,1.2,1.2s1.2-0.5,1.2-1.2v-7.5
> 		c2.3-2.6,3.8-5.8,4.4-9.5c0,0,0,0,0,0c0.2,0,0.4,0.1,0.6,0.1h2.4c2,0,3.6-1.6,3.6-3.6V12C50.7,10,49.1,8.4,47.1,8.4z M9.2,3.8
> 		c-0.1-0.4,0-0.7,0.3-1c0.2-0.3,0.6-0.4,0.9-0.4h30.2c0.4,0,0.7,0.1,0.9,0.4c0.2,0.3,0.3,0.6,0.3,1c-1.3,8-8.1,13.9-16.3,13.9
> 		S10.5,11.8,9.2,3.8z M41.1,11.8c0,0.1,0,0.1,0,0.2V18c-0.2,0-0.3-0.1-0.5-0.1h-6.5C36.9,16.5,39.3,14.4,41.1,11.8z M3.6,21
> 		c-0.7,0-1.2-0.5-1.2-1.2v-6.6c0-0.7,0.5-1.2,1.2-1.2H6c0.7,0,1.2,0.5,1.2,1.2v6.6c0,0.1,0,0.3-0.1,0.4c0,0,0,0.1,0,0.1
> 		C6.9,20.7,6.5,21,6,21H3.6z M41.8,21.8c-1.3,8-8.1,13.9-16.3,13.9c-4.7,0-9-2-12-5.1c0,0-0.1-0.1-0.1-0.1c-2.1-2.3-3.6-5.3-4.2-8.6
> 		c0-0.2,0-0.3,0-0.5c0-0.1,0.1-0.2,0.1-0.3c0-0.1,0.1-0.1,0.1-0.2c0.2-0.3,0.6-0.4,0.9-0.4h30.2c0.4,0,0.7,0.1,0.9,0.4
> 		C41.7,21.1,41.8,21.4,41.8,21.8z M48.3,18.6c0,0.7-0.5,1.2-1.2,1.2h-2.4c-0.7,0-1.2-0.5-1.2-1.2V12c0-0.7,0.5-1.2,1.2-1.2h2.4
> 		c0.7,0,1.2,0.5,1.2,1.2V18.6z"></path>
> 	<circle cx="25.8" cy="9.3" r="1.5"></circle>
> </g>
> </svg>
Priority: -- → P5
Whiteboard: [tor] → [tor][domsecurity-backlog]
Severity: normal → S3
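
For site authors who want to locate affected markup, the following audit sketch is an added example, not part of the bug report or of Mozilla's code. It uses Python's standard `html.parser` to list `<style>` elements nested in inline `<svg>`, whose CSS is the text that becomes visible when svg.disabled is set. The names `SvgStyleAudit` and `find_svg_styles` and the sample page are constructed for illustration.

```python
from html.parser import HTMLParser

class SvgStyleAudit(HTMLParser):
    """Collect the CSS text of each <style> nested in an inline <svg>."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.svg_depth = 0     # > 0 while inside an <svg>
        self.in_style = False  # inside a <style> that sits in an <svg>
        self.findings = []     # (line number, collapsed CSS text)
        self._buf, self._line = [], 0

    def handle_starttag(self, tag, attrs):
        if tag == "svg":
            self.svg_depth += 1
        elif tag == "style" and self.svg_depth:
            self.in_style, self._buf = True, []
            self._line = self.getpos()[0]  # line of the <style> start tag

    def handle_data(self, data):
        if self.in_style:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "style" and self.in_style:
            self.in_style = False
            text = " ".join("".join(self._buf).split())
            if text:  # only non-empty CSS would show up as visible text
                self.findings.append((self._line, text))
        elif tag == "svg" and self.svg_depth:
            self.svg_depth -= 1

def find_svg_styles(markup):
    # Returns [(line, css_text)] for <style> elements inside inline <svg>.
    parser = SvgStyleAudit()
    parser.feed(markup)
    parser.close()
    return parser.findings

# Constructed sample page (not from the bug): one affected SVG, one clean.
SAMPLE = """<!doctype html><html><head><style>body { margin: 0; }</style></head><body>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 50.7 40.3">
<style>
    path { fill: currentColor; }
</style>
<circle cx="25.8" cy="9.3" r="1.5"></circle></svg>
<svg viewBox="0 0 1 1"><circle r="1"></circle></svg></body></html>"""

if __name__ == "__main__":
    for line, css in find_svg_styles(SAMPLE):
        print(f"line {line}: <style> in <svg> would show as text: {css}")
```

The scan covers inline SVG in HTML only; SVG files referenced from `<img>` or CSS are outside its scope.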