Closed Bug 1850932 Opened 2 years ago Closed 2 years ago

Ignore target names which contain `\n` and `<` characters

Categories

(Core :: DOM: HTML Parser, task)

Product:
Core
Component:
DOM: HTML Parser
Type:
task

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1835157

People

(Reporter: freddy, Unassigned)

References

Details

(Keywords: sec-want)

This is an HTML spec change that happened in https://github.com/whatwg/html/pull/9309 and was discussed in https://github.com/mozilla/standards-positions/issues/804, but apparently without a proper implementation bug.

The intent of this change is to prevent dangling markup attacks.
Compat impact is low and Chrome has shipped this behavior for a while now.

Oops.

Status: NEW → RESOLVED
Closed: 2 years ago
Duplicate of bug: 1835157
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.