Closed
Bug 362235
Opened 18 years ago
Closed 14 years ago
don't parse <script/xss> as a script tag
Categories
(Core :: DOM: HTML Parser, defect)
Tracking
()
RESOLVED
INVALID
People
(Reporter: BijuMailList, Unassigned)
References
Details
(Keywords: testcase)
Attachments
(1 file)
353 bytes,
text/html
|
Details |
Currently firefox treat <p>some content</p> <script/xss src="data:,alert('should not see alert')"></script> <p>some other content</p> as if it was <p>some content</p> <script src="data:,alert%28%27should%20not%20see%20alert%27%29"></script> <p>some other content</p> to reduce XSS, if there is an invalid node name charcter in aby TAG please display the TAG as a text. <p>some content</p> <script/xss src="data:,alert('should not see alert')"> <p>some other content</p> see attachment script_tag_xss.html PS: close this bug if it is against HTML sec.
credits http://ha.ckers.org/xss.html
Updated•18 years ago
|
Assignee: nobody → mrbkap
Component: Layout → HTML: Parser
QA Contact: layout → parser
Comment 3•18 years ago
|
||
What do other browsers do?
(In reply to comment #3) > What do other browsers do? same, as per http://ha.ckers.org/xss.html I tried it in IE, got same result you can test it at http://www.w3schools.com/html/tryit.asp?filename=tryhtml_basic using <SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>
Updated•15 years ago
|
Assignee: mrbkap → nobody
Updated•14 years ago
|
Summary: dont process <script/xss → don't parse <script/xss> as a script tag
Comment 5•14 years ago
|
||
Per HTML5, the <SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT> must be treated equivalently to <SCRIPT XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>. > PS: close this bug if it is against HTML sec. Marking invalid.
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → INVALID
You need to log in
before you can comment on or make changes to this bug.
Description
•