Closed
Bug 649818
Opened 13 years ago
Closed 13 years ago
String.prototype.link does not html escape its parameter(s)
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 352437
People
(Reporter: jhs, Unassigned)
Details
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_7; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16 Build Identifier: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:2.0) Gecko/20100101 Firefox/4.0 String.prototype.link takes a text/plain url and should produce a text/html representation of a link to that url. Spidermonkey treats the url as if it's already quoted as text/html, though, which is not correct. Example: 'x'.link('javascript:alert("x")') Produces: '<a href="javascript:alert("x")">x</a>' (which the HTML parser interprets as '<a x")"="" href="javascript:alert(">x</a>') Correct result: '<a href="javascript:alert("x")">x</a>' Minimal fix: replace all " with """, all & with "&" and all "<" with "<". This probably goes both for the "this" argument (the link text) and the url parameter (the href-attribute-to-be), but at least for the url. Reproducible: Always Steps to Reproduce: 1. Run the bookmarklet javascript:void(prompt('html:','<&"'.link('<&"'))) Actual Results: <a href="<&""><&"</a> Expected Results: <a href="<&""><&"</a>, or perhaps <a href="<&""><&"</a>, if the string itself is supposed to already be text/html. This bug has probably been in there pretty much forever. Safari and IE9 have the same bug (IE generates an ALL UPPERCASE tag, though). Chrome produces '<a href="<&""><&"</a>' which at least produces a functional link.
Comment 1•13 years ago
|
||
Yeah, we really should fix it, but it's been low-priority compared to other bugfixing and feature work.
Status: UNCONFIRMED → RESOLVED
Closed: 13 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•