Open Bug 343943 Opened 15 years ago Updated 5 years ago
HTML Element and Attribute fuzzer
This fuzzer creates random HTML elements and attributes, based on a list I made while looking at the HTML 4 and HTML 3.2 DTDs. It also removes attributes, creates text nodes, and does StirDOM-like things. So far, I have discovered six bugs with it: bug 343540, bug 343588, bug 343596, bug 343599, bug 343850, and bug 343940. It requires fuzz.js, which you can get from bug 339948.
While this fuzzer knows which attributes are typical for each element and which values are typical for each attribute, it violates each of these (picking a random attribute or a value that makes sense only for a different attribute) one fifth of the time.
* Added <marquee> and <blink>. * Made various tweaks that will hopefully result in finding bugs more quickly and having easier reductions.
Attachment #228509 - Attachment is obsolete: true
Bug 344486 has a similar fuzzer for XUL.
I could use this as a 'plugin' for bug 321107 (as many other fuzzers, probably).
Shouldn't have security bugs assigned to nobody. Jesse can own his test bugs
Assignee: nobody → jruderman
Comment on attachment 242974 [details] HTML Element and Attribute fuzzer 3.0 New version in bug 339948.
Attachment #242974 - Attachment is obsolete: true
You need to log in before you can comment on or make changes to this bug.