Closed
Bug 522658
Opened 16 years ago
Closed 16 years ago
BASE tag is allowed more than once and outside the <head> section
Categories
(Core :: DOM: HTML Parser, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 515401
People
(Reporter: sirdarckcat, Unassigned)
References
()
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 GTB5
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 GTB5
per html5, base tag should only be accepted once and inside the <head>
IE8 already performs this check..
http://zaz.sirdarckcat.net/zaz
Reproducible: Always
Steps to Reproduce:
1. Go to http://zaz.sirdarckcat.net/zaz/ (a script that alerts the location of the script being included).
2. See the alerts
Actual Results:
the alerts are:
a/b.js
a/b/c.js
a/b/c/d.js
a/b.js
a/b/c.js
a/b/c/d.js
Expected Results:
the alerts should be:
a/b.js
a/c.js
a/d.js
a/b.js
a/c.js
a/d.js
I'm not very good making testcases, and I tried to look for the bug, but I couldn't find it.. I think this is a well known bug for developers, so I guess its a dupe, but I couldnt find the bug where this is being discussed.
In any way, I want to propose this being fixed, or are there some details I'm missing?
Reporter | ||
Comment 1•16 years ago
|
||
the html5 spec:
http://www.whatwg.org/specs/web-apps/current-work/#the-base-element
Contexts in which this element may be used:
In a head element containing no other base elements.
Reporter | ||
Comment 2•16 years ago
|
||
the same issue affects webkit:
https://bugs.webkit.org/show_bug.cgi?id=30432
Apparently IE8 is the only browser following the spec
Reporter | ||
Comment 3•16 years ago
|
||
I want to add that this has security considerations, if an attacker is able to add a <base> tag in the middle of the source code, it may leak information to other domains.
Comment 4•16 years ago
|
||
(In reply to comment #1)
> the html5 spec:
> http://www.whatwg.org/specs/web-apps/current-work/#the-base-element
>
> Contexts in which this element may be used:
> In a head element containing no other base elements.
The bit in the spec talk about document conformance. Not about the processing model.
Reporter | ||
Comment 5•16 years ago
|
||
umm, what I would like to propose is to forbid this behavior in firefox.
http://sla.ckers.org/forum/read.php?2,14751
Since if IE8 can do it I guess the compatibility lost is not so big.. besides that imho it makes no sense to change the base URI more than once in a document.. (and outside head).
Updated•16 years ago
|
Status: UNCONFIRMED → RESOLVED
Closed: 16 years ago
Resolution: --- → DUPLICATE
![]() |
||
Comment 7•16 years ago
|
||
> Since if IE8 can do it I guess the compatibility lost is not so big.
Does IE do this in all (3? 4?) of its rendering modes?
Reporter | ||
Comment 8•16 years ago
|
||
@Boris #7:
https://bugzilla.mozilla.org/show_bug.cgi?id=515401#c2
Since IE7
You need to log in
before you can comment on or make changes to this bug.
Description
•