Handle line breaks correctly in comment end bang state
Categories
(Core :: DOM: HTML Parser, enhancement, P2)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox68 | --- | fixed |
People
(Reporter: freddy, Assigned: hsivonen)
References
Details
Attachments
(2 files)
Example:
<!-- --!
><img src=1 onerror=alert(1)> -->
Should the <img> tag work if the closing comment is interrupted by newlines?
Note that interrupting the closing comment after the exclamation mark with a whitespaces (e.g., space 0x20 or tab 0x09) does not work.
|
Assignee | |
Comment 1•6 years ago
|
||
Looks like a bug!
|
|
Assignee | |
Comment 2•6 years ago
|
||
|
|
Assignee | |
Comment 3•6 years ago
|
||
Upstream tests: https://github.com/html5lib/html5lib-tests/pull/121
|
|
Assignee | |
Updated•6 years ago
|
|
|
Assignee | |
Comment 4•6 years ago
|
||
|
|
Assignee | |
Comment 5•6 years ago
|
||
Using ni for r? on the Java patch, since actual r? is blocked. Note that the patch has test harness changes that aren't reflected in C++.
|
|
Assignee | |
Comment 6•6 years ago
|
||
Intentionally leaving error reporting changes to bug 1541853.
|
|
Assignee | |
Updated•6 years ago
|
|
|
Assignee | |
Comment 7•6 years ago
|
||
(In reply to Henri Sivonen (:hsivonen) from comment #3)
Upstream tests: https://github.com/html5lib/html5lib-tests/pull/121
The CR and CRLF cases are tested on Java side only, because we can't run tokenizer tests in the Gecko context, and putting CR or CRLF in tree builder tests would get broken by the next person's text editor.
Try run:
https://treeherder.mozilla.org/#/jobs?repo=try&revision=01c8f6f5e8669b635cda9c26e51550684b76a49d
|
||
Updated•6 years ago
|
|
|
||
Updated•6 years ago
|
|
|
||
Updated•6 years ago
|
|
|
Assignee | |
Comment 9•6 years ago
|
||
|
||
Comment 10•6 years ago
|
||
| bugherder | ||
|
||
Updated•6 years ago
|
Description
•