DescriptionSupress script during parser adjusting DOM node location
This attack uses HTML parser's tree tweaking operation to trigger
a script execution. This CL supresses it. This should be acceptable
because:
* It never happens with well-formed markup.
* It only happens to a node being a child of <script>, which is unusual.
BUG=464552
TEST=parser-adjust-parent-crash.html
R=haraken@chromium.org
Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=191807
Patch Set 1 #
Messages
Total messages: 5 (1 generated)
|