Problem on non-ASCII document.cookie & document.write

VERIFIED FIXED in mozilla18

Status

Core
DOM
--
minor
VERIFIED FIXED
5 years ago
4 years ago

People

(Reporter: Masahiro YAMADA, Assigned: emk)

Tracking

14 Branch
mozilla18
Points:
---
Bug Flags:
in-testsuite +

Firefox Tracking Flags

(Not tracked)

Details

(URL)

Attachments

(1 attachment, 2 obsolete attachments)

(Reporter)

Description

5 years ago
From https://twitter.com/jackmasa/status/236843727086317569

The following code writes '<img src="xx:x" onerror="alert(1)">' to the document.
Is this by design or a bug?
<script>
  with(document)cookie='∼≩≭≧∯≳≲≣∽≸≸∺≸∠≯≮≥≲≲≯≲∽≡≬≥≲≴∨∱∩∾',write(cookie); 
</script>
(Reporter)

Updated

5 years ago
Status: NEW → UNCONFIRMED
Ever confirmed: false
line 1288 is probably causing all this:
http://dxr.lanedo.com/mozilla-central/content/html/document/src/nsHTMLDocument.cpp.html#l1288
(Assignee)

Comment 2

5 years ago
document.cookie must be encoded/decoded as UTF-8 per spec.
http://dev.w3.org/html5/spec/single-page.html#dom-document-cookie
Status: UNCONFIRMED → NEW
Ever confirmed: true
(Assignee)

Comment 3

5 years ago
Created attachment 654178 [details] [diff] [review]
encode/decode document.cookie as UTF-8 per HTML5 spec
Attachment #654178 - Flags: review?(bzbarsky)
Comment on attachment 654178 [details] [diff] [review]
encode/decode document.cookie as UTF-8 per HTML5 spec

r=me, but please add a test or two?
Attachment #654178 - Flags: review?(bzbarsky) → review+
(Assignee)

Comment 5

5 years ago
Created attachment 657718 [details] [diff] [review]
encode/decode document.cookie as UTF-8 per HTML5 spec

Ugh, ConvertStringFromCharset("utf-8") also failed if the string is invalid as UTF-8...
> please add a test or two?
Done. One for decoding a non-UTF-8 string from the HTTP header, and the other for the example in comment #0.
Attachment #654178 - Attachment is obsolete: true
Attachment #657718 - Flags: review?(bzbarsky)
Comment on attachment 657718 [details] [diff] [review]
encode/decode document.cookie as UTF-8 per HTML5 spec

Do we have an existing bug on the missing kOnError_Recover support?  If so, please link this code from that bug and add the bug number to the comment.  If we don't have one, please file one and then do the above.

r=me
Attachment #657718 - Flags: review?(bzbarsky) → review+
(Assignee)

Comment 7

5 years ago
Created attachment 658062 [details] [diff] [review]
patch for check in. r=bzbarsky

I found bug 638379.
(Assignee)

Updated

5 years ago
Attachment #657718 - Attachment is obsolete: true
(Assignee)

Comment 8

5 years ago
https://tbpl.mozilla.org/?tree=Try&rev=6c0769e869aa
Keywords: checkin-needed
(In reply to Masatoshi Kimura [:emk] from comment #8)
> https://tbpl.mozilla.org/?tree=Try&rev=6c0769e869aa

Green on Try.

https://hg.mozilla.org/integration/mozilla-inbound/rev/af0971ca7acd
Assignee: nobody → VYV03354
Flags: in-testsuite+
Keywords: checkin-needed
https://hg.mozilla.org/mozilla-central/rev/af0971ca7acd
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla18
(Reporter)

Comment 11

5 years ago
-> VERIFIED
Tested at Nightly/Windows build from http://hg.mozilla.org/mozilla-central/rev/0d3b17a88d5f
Status: RESOLVED → VERIFIED
(Assignee)

Updated

4 years ago
Blocks: 654652
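
Added example, not part of the original bug or of the Mozilla patch: a JavaScript model of why the string in comment #0 turned into markup and why the UTF-8 handling from comments 2 and 5 prevents it. The low-byte truncation in `lossyRoundTrip` is an assumption about the pre-fix behaviour; all function names and the sample header bytes are constructed for illustration.

```javascript
// String copied from the report in comment #0. Every character lies in
// U+2220..U+227F, so the low byte of each code unit is printable ASCII.
const REPORTED = '∼≩≭≧∯≳≲≣∽≸≸∺≸∠≯≮≥≲≲≯≲∽≡≬≥≲≴∨∱∩∾';

// ASSUMPTION: models a lossy UTF-16 -> 8-bit store that keeps only the low
// byte of each code unit on set, then widens each byte back on get.
function lossyRoundTrip(str) {
  const bytes = Uint8Array.from(str, ch => ch.charCodeAt(0) & 0xff);
  return String.fromCharCode(...bytes);
}

// Behaviour required by the spec cited in comment 2:
// encode as UTF-8 on set, decode as UTF-8 on get.
function utf8RoundTrip(str) {
  return new TextDecoder('utf-8').decode(new TextEncoder().encode(str));
}

// Comment 5: a cookie received in an HTTP header may not be valid UTF-8.
// Non-fatal decoding substitutes U+FFFD instead of failing the whole read.
function decodeCookieBytes(bytes) {
  return new TextDecoder('utf-8', { fatal: false }).decode(bytes);
}

// A strict decoder rejects the same input outright.
function strictDecodeFails(bytes) {
  try {
    new TextDecoder('utf-8', { fatal: true }).decode(bytes);
    return false;
  } catch (e) {
    return true;
  }
}

// True if the string contains ASCII characters that are significant in HTML.
function hasAsciiMarkup(str) {
  return /[<>"'&]/.test(str);
}

// Constructed header value: "n=" + 0xE9 (Latin-1 e-acute, invalid UTF-8) + "x".
const LATIN1_COOKIE = Uint8Array.from([0x6e, 0x3d, 0xe9, 0x78]);

console.log('input has ASCII markup:  ', hasAsciiMarkup(REPORTED));
console.log('lossy has ASCII markup:  ', hasAsciiMarkup(lossyRoundTrip(REPORTED)));
console.log('UTF-8 round trip intact: ', utf8RoundTrip(REPORTED) === REPORTED);
console.log('recovered header cookie: ', decodeCookieBytes(LATIN1_COOKIE));
```

The value written to `document.cookie` contains no ASCII markup characters at all, so a filter that inspects the input passes it; only the lossy storage step produces them, which is why the fix belongs in the encode/decode path.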