Closed Bug 784367 Opened 8 years ago Closed 8 years ago

Problem on non-ASCII document.cookie & document.write

Categories

(Core :: DOM: Core & HTML, defect)

14 Branch
defect
Not set
minor

Tracking

()

VERIFIED FIXED
mozilla18

People

(Reporter: masa141421356, Assigned: emk)

Attachments

(1 file, 2 obsolete files)

From https://twitter.com/jackmasa/status/236843727086317569

The following code writes '<img src="xx:x" onerror="alert(1)">' to the document.
Is this by design or a bug?
<script>
  with(document)cookie='∼≩≭≧∯≳≲≣∽≸≸∺≸∠≯≮≥≲≲≯≲∽≡≬≥≲≴∨∱∩∾',write(cookie); 
</script>
Status: NEW → UNCONFIRMED
Ever confirmed: false
document.cookie must be encoded/decoded as UTF-8 per spec.
http://dev.w3.org/html5/spec/single-page.html#dom-document-cookie
Status: UNCONFIRMED → NEW
Ever confirmed: true
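An added illustration, not part of the bug report or the patch: it contrasts a lossy 8-bit narrowing of the cookie string with the UTF-8 round trip the spec requires, and includes a regression-style check for strings that only gain markup characters through narrowing. That the pre-fix code dropped the high byte of each UTF-16 code unit is an assumption consistent with the output reported in comment 0; the function names and the sample string are constructed for this example.

```javascript
// Added example; all function names are hypothetical, not Gecko code.

// Assumed pre-fix behaviour: each UTF-16 code unit is narrowed to its low byte.
function lossyNarrow(str) {
  let out = '';
  for (let i = 0; i < str.length; i++) {
    out += String.fromCharCode(str.charCodeAt(i) & 0xff);
  }
  return out;
}

// Behaviour the spec asks for: UTF-8 encode on write, UTF-8 decode on read.
function utf8RoundTrip(str) {
  const bytes = new TextEncoder().encode(str);
  return new TextDecoder('utf-8').decode(bytes);
}

// Header bytes that are not valid UTF-8. TextDecoder's non-fatal mode
// substitutes U+FFFD; how the patch itself recovers is not shown on the page.
function decodeHeaderBytes(bytes) {
  return new TextDecoder('utf-8', { fatal: false }).decode(Uint8Array.from(bytes));
}

// Regression check: true when the input has no HTML metacharacters
// but its narrowed form does.
const HTML_META = /[<>"'&]/;
function narrowingCreatesMarkup(str) {
  return !HTML_META.test(str) && HTML_META.test(lossyNarrow(str));
}

// Constructed sample: U+223C U+2262 U+223E, low bytes 0x3C 0x62 0x3E.
const sample = '\u223C\u2262\u223E';
console.log(JSON.stringify(lossyNarrow(sample)));                       // "<b>"
console.log(utf8RoundTrip(sample) === sample);                          // true
console.log(narrowingCreatesMarkup(sample));                            // true
console.log(JSON.stringify(decodeHeaderBytes([0x61, 0xe9, 0x62])));     // "a\ufffdb" (a, U+FFFD, b)
```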
Attachment #654178 - Flags: review?(bzbarsky)
Comment on attachment 654178 [details] [diff] [review]
encode/decode document.cookie as UTF-8 per HTML5 spec

r=me, but please add a test or two?
Attachment #654178 - Flags: review?(bzbarsky) → review+
Ugh, ConvertStringFromCharset("utf-8") also failed if the string is invalid as UTF-8...
> please add a test or two?
Done. One for decoding a non-UTF-8 string from an HTTP header, and the other for the example in comment #0.
Attachment #654178 - Attachment is obsolete: true
Attachment #657718 - Flags: review?(bzbarsky)
Comment on attachment 657718 [details] [diff] [review]
encode/decode document.cookie as UTF-8 per HTML5 spec

Do we have an existing bug on the missing kOnError_Recover support?  If so, please link this code from that bug and add the bug number to the comment.  If we don't have one, please file one and then do the above.

r=me
Attachment #657718 - Flags: review?(bzbarsky) → review+
Attachment #657718 - Attachment is obsolete: true
(In reply to Masatoshi Kimura [:emk] from comment #8)
> https://tbpl.mozilla.org/?tree=Try&rev=6c0769e869aa

Green on Try.

https://hg.mozilla.org/integration/mozilla-inbound/rev/af0971ca7acd
Assignee: nobody → VYV03354
Flags: in-testsuite+
Keywords: checkin-needed
https://hg.mozilla.org/mozilla-central/rev/af0971ca7acd
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla18
-> VERIFIED
Tested at Nightly/Windows build from http://hg.mozilla.org/mozilla-central/rev/0d3b17a88d5f
Status: RESOLVED → VERIFIED
Blocks: 654652
Component: DOM → DOM: Core & HTML