Closed Bug 284161 Opened 20 years ago Closed 15 years ago

HTML parser allows NUL characters in attribute values

Categories

(Core :: DOM: HTML Parser, defect)

Product:
Core
Component:
DOM: HTML Parser
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: mrbkap, Assigned: mrbkap)

Details

(Whiteboard: [fixed by the HTML5 parser])

Attachments

(1 file)

Testcase
755 bytes, text/html
Details 
We currently allow NUL characters in quite a few places in parser code that we
probably shouldn't. In the testcase in the URL, there are NUL values in the
"value" attribute of the text fields, which messes things up (both in
view-source and in the actual page). Fixing the issue on this page should be as
simple as putting a couple of StripChar()s in CAttributeToken::SanitizeValue()
and CAttributeToken::Consume().

I'm open to other suggestions, especially ones that will solve this more
globally (i.e., not just for attributes).
I seem to remember there beeing a bug that was about specifically allowing null
characters in HTML content, including attributes. I could be wrong, that was
many years ago...
Attached file Testcase 
QA Contact: mrbkap → parser
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Whiteboard: [fixed by the HTML5 parser]

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: