Issue 1007523003: Supress script during parser adjusting DOM node location

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Issue 1007523003: Supress script during parser adjusting DOM node location (Closed)

Created:
5 years, 9 months ago by Hajime Morrita

Modified:
5 years, 9 months ago

Reviewers:
haraken

CC:
blink-reviews, dglazkov+blink, blink-reviews-html_chromium.org

Base URL:
https://chromium.googlesource.com/chromium/blink.git@master

Target Ref:
refs/heads/master

Project:
blink

Visibility:
Public.

More Reviews

Description

Supress script during parser adjusting DOM node location This attack uses HTML parser's tree tweaking operation to trigger a script execution. This CL supresses it. This should be acceptable because: * It never happens with well-formed markup. * It only happens to a node being a child of <script>, which is unusual. BUG=464552 TEST=parser-adjust-parent-crash.html R=haraken@chromium.org Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=191807

Patch Set 1 #

Created: 5 years, 9 months ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Stats (+26 lines, -1 line)			Patch
A	LayoutTests/fast/dom/parser-adjust-parent-crash.html	View	1 chunk	+20 lines, -0 lines	0 comments	Download
A +	LayoutTests/fast/dom/parser-adjust-parent-crash-expected.txt	View	0 chunks	+-1 lines, --1 lines	0 comments	Download
M	Source/core/html/parser/HTMLConstructionSite.cpp	View	3 chunks	+7 lines, -2 lines	0 comments	Download

Messages

Total messages: 5 (1 generated)

Expand Messages | Collapse Messages | Show Generated Messages | Hide Generated Messages

commit-bot: I haz the power

CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1007523003/1

5 years, 9 months ago (2015-03-13 01:15:36 UTC) #4

commit-bot: I haz the power

5 years, 9 months ago (2015-03-13 01:36:04 UTC) #5

Message was sent while issue was closed.

Committed patchset #1 (id:1) as
https://src.chromium.org/viewvc/blink?view=rev&revision=191807

Expand Messages | Collapse Messages | Show Generated Messages | Hide Generated Messages