Closed
Bug 522658
Opened 15 years ago
Closed 15 years ago
BASE tag is allowed more than once and outside the <head> section
Categories
(Core :: DOM: HTML Parser, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 515401
People
(Reporter: sirdarckcat, Unassigned)
References
()
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 GTB5 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 GTB5 per html5, base tag should only be accepted once and inside the <head> IE8 already performs this check.. http://zaz.sirdarckcat.net/zaz Reproducible: Always Steps to Reproduce: 1. Go to http://zaz.sirdarckcat.net/zaz/ (a script that alerts the location of the script being included). 2. See the alerts Actual Results: the alerts are: a/b.js a/b/c.js a/b/c/d.js a/b.js a/b/c.js a/b/c/d.js Expected Results: the alerts should be: a/b.js a/c.js a/d.js a/b.js a/c.js a/d.js I'm not very good making testcases, and I tried to look for the bug, but I couldn't find it.. I think this is a well known bug for developers, so I guess its a dupe, but I couldnt find the bug where this is being discussed. In any way, I want to propose this being fixed, or are there some details I'm missing?
Reporter | ||
Comment 1•15 years ago
|
||
the html5 spec: http://www.whatwg.org/specs/web-apps/current-work/#the-base-element Contexts in which this element may be used: In a head element containing no other base elements.
Reporter | ||
Comment 2•15 years ago
|
||
the same issue affects webkit: https://bugs.webkit.org/show_bug.cgi?id=30432 Apparently IE8 is the only browser following the spec
Reporter | ||
Comment 3•15 years ago
|
||
I want to add that this has security considerations, if an attacker is able to add a <base> tag in the middle of the source code, it may leak information to other domains.
Comment 4•15 years ago
|
||
(In reply to comment #1) > the html5 spec: > http://www.whatwg.org/specs/web-apps/current-work/#the-base-element > > Contexts in which this element may be used: > In a head element containing no other base elements. The bit in the spec talk about document conformance. Not about the processing model.
Reporter | ||
Comment 5•15 years ago
|
||
umm, what I would like to propose is to forbid this behavior in firefox. http://sla.ckers.org/forum/read.php?2,14751 Since if IE8 can do it I guess the compatibility lost is not so big.. besides that imho it makes no sense to change the base URI more than once in a document.. (and outside head).
Updated•15 years ago
|
Status: UNCONFIRMED → RESOLVED
Closed: 15 years ago
Resolution: --- → DUPLICATE
Comment 7•15 years ago
|
||
> Since if IE8 can do it I guess the compatibility lost is not so big.
Does IE do this in all (3? 4?) of its rendering modes?
Reporter | ||
Comment 8•15 years ago
|
||
@Boris #7: https://bugzilla.mozilla.org/show_bug.cgi?id=515401#c2 Since IE7
You need to log in
before you can comment on or make changes to this bug.
Description
•