Closed Bug 784367 Opened 12 years ago Closed 12 years ago

Problem on non-ASCII document.cookie & document.write

Categories

(Core :: DOM: Core & HTML, defect)

14 Branch
defect
Not set
minor

Tracking

VERIFIED FIXED
mozilla18

People

(Reporter: masa141421356, Assigned: emk)

Attachments

(1 file, 2 obsolete files)

From https://twitter.com/jackmasa/status/236843727086317569
Following code writes '<img src="xx:x" onerror="alert(1)">' to document.
Is this by design or a bug?
<script>
with(document)cookie='∼≩≭≧∯≳≲≣∽≸≸∺≸∠≯≮≥≲≲≯≲∽≡≬≥≲≴∨∱∩∾',write(cookie);
</script>
Status: NEW → UNCONFIRMED
Ever confirmed: false
document.cookie must be encoded/decoded as UTF-8 per spec. http://dev.w3.org/html5/spec/single-page.html#dom-document-cookie
Status: UNCONFIRMED → NEW
Ever confirmed: true
Attachment #654178 - Flags: review?(bzbarsky)
Comment on attachment 654178
encode/decode document.cookie as UTF-8 per HTML5 spec
r=me, but please add a test or two?
Attachment #654178 - Flags: review?(bzbarsky) → review+
Ugh, ConvertStringFromCharset("utf-8") also failed if the string is invalid as UTF-8...
> please add a test or two?
Done. One for decoding non-UTF-8 string from HTTP header, and the other for the example in comment #0.
Attachment #654178 - Attachment is obsolete: true
Attachment #657718 - Flags: review?(bzbarsky)
Comment on attachment 657718
encode/decode document.cookie as UTF-8 per HTML5 spec
Do we have an existing bug on the missing kOnError_Recover support? If so, please link this code from that bug and add the bug number to the comment. If we don't have one, please file one and then do the above.
r=me
Attachment #657718 - Flags: review?(bzbarsky) → review+
Attachment #657718 - Attachment is obsolete: true
Assignee: nobody → VYV03354
Flags: in-testsuite+
Keywords: checkin-needed
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla18
-> VERIFIED Tested at Nightly/Windows build from http://hg.mozilla.org/mozilla-central/rev/0d3b17a88d5f
Status: RESOLVED → VERIFIED
Blocks: 654652
Component: DOM → DOM: Core & HTML
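
The encoding difference behind comment 0 and the UTF-8 fix, as an added example that is not part of the bug thread or the Mozilla patch. It assumes the pre-fix code kept only the low byte of each UTF-16 code unit, which is consistent with the markup reported in comment 0; the function names and the Latin-1 header bytes are constructed for illustration.

```javascript
// Added example: models the string conversions discussed in this bug.
// REPORTED is the string from comment 0; all function names are hypothetical.
const REPORTED = '∼≩≭≧∯≳≲≣∽≸≸∺≸∠≯≮≥≲≲≯≲∽≡≬≥≲≴∨∱∩∾';

// Assumption: the pre-fix code kept only the low byte of each UTF-16 code unit.
function lowByteNarrow(str) {
  let out = '';
  for (let i = 0; i < str.length; i++) {
    out += String.fromCharCode(str.charCodeAt(i) & 0xff);
  }
  return out;
}

// Behaviour the spec asks for: the cookie string travels as UTF-8 bytes.
function utf8Encode(str) {
  return new TextEncoder().encode(str);
}

// Recovering decode: invalid sequences become U+FFFD instead of failing.
function utf8DecodeRecover(bytes) {
  return new TextDecoder('utf-8', { fatal: false }).decode(bytes);
}

// Strict decode: returns null when the bytes are not valid UTF-8.
function utf8DecodeStrict(bytes) {
  try {
    return new TextDecoder('utf-8', { fatal: true }).decode(bytes);
  } catch (e) {
    return null;
  }
}

// True when narrowing surfaces markup-significant ASCII that the original lacks.
function narrowingCreatesMarkup(str) {
  const risky = /[<>"'&]/;
  return !risky.test(str) && risky.test(lowByteNarrow(str));
}

// Constructed sample: "n=caf" followed by a lone Latin-1 byte 0xE9.
const LATIN1_HEADER = Uint8Array.from([0x6e, 0x3d, 0x63, 0x61, 0x66, 0xe9]);

console.log(JSON.stringify(lowByteNarrow(REPORTED)));
console.log(utf8DecodeRecover(utf8Encode(REPORTED)) === REPORTED);
console.log(utf8DecodeStrict(LATIN1_HEADER), utf8DecodeRecover(LATIN1_HEADER));
```

With UTF-8 every byte of the encoded string is 0x80 or above, so no ASCII markup byte can appear in the stored cookie; the strict decoder rejects the Latin-1 header while the recovering decoder returns it with U+FFFD in place of the bad byte.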