Open Bug 336383 Opened 15 years ago Updated 3 years ago
DOM Range and Editor (design
Mode/exec Command/content Editable) fuzzer
This fuzzer creates random DOM Range objects, selects them, and calls random execCommand functions. It also tests most DOM Range functions.
* Converted it to use fuzz.js (see bug 339948). * Now works as a bookmarklet, by stuffing the page into an iframe.
Attachment #220613 - Attachment is obsolete: true
Joe, it would be great if you or someone else working on Editor could fix the crash bugs found with this fuzzer, bug 335995 and bug 336081, as well as a bug that seems to stop the fuzzer (or even the user) from making further changes to the document, bug 336091. Once those three bugs are fixed, another round or two of fuzzing should tell us whether there are any easy-to-find security holes involving the execCommand API.
Comment on attachment 242972 [details] DOM Range and designMode fuzzer 3.0 New version in bug 339948.
Attachment #242972 - Attachment is obsolete: true
Summary: DOM Range and designMode execCommand fuzzer → DOM Range and Editor (designMode/execCommand/contentEditable) fuzzer
I ended up splitting this into two DOMFuzz modules, but I'll keep tracking both their bugs here. https://github.com/MozillaSecurity/funfuzz/blob/master/dom/fuzzer/modules/editor.js https://github.com/MozillaSecurity/funfuzz/blob/master/dom/fuzzer/modules/range-and-selection.js
You need to log in before you can comment on or make changes to this bug.