
Revision 191807


Author: morrita@chromium.org
Date: Fri Mar 13 01:35:59 2015 UTC (8 years, 2 months ago)
Changed paths: 3
Log Message:
Suppress script during parser adjusting DOM node location

This attack uses HTML parser's tree tweaking operation to trigger
a script execution. This CL suppresses it. This should be acceptable
because:

 * It never happens with well-formed markup.
 * It only happens to a node being a child of <script>, which is unusual.

BUG=464552
TEST=parser-adjust-parent-crash.html
R=haraken@chromium.org

Review URL: https://codereview.chromium.org/1007523003

Changed paths

Path: Details
trunk/LayoutTests/fast/dom/parser-adjust-parent-crash-expected.txt (copied from trunk/LayoutTests/fast/forms/textarea/textarea-autofocus-removal-while-focusing-with-style-expected.txt, r191806): added, props changed
trunk/LayoutTests/fast/dom/parser-adjust-parent-crash.html: added
trunk/Source/core/html/parser/HTMLConstructionSite.cpp: modified, text changed

Properties

Name Value
commit-bot commit-bot@chromium.org
