DescriptionSanitize SVG animation attributes which could set JavaScript URL values.
When pasting we remove the hrefs from links with javascript: URLs
(among other things) because the scripts may be malicious. But SVG
animations can update hrefs indirectly, and we were not scrutinizing
those. This extends the sanitization to remove attributes from SVG
animations that contain JavaScript URLs because the animation could be
directed to set a href.
BUG=452059
TEST=webkit_unit_tests UnsafeSVGAttributeSanitizationTest.*
Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=197006
Patch Set 1 #
Total comments: 8
Patch Set 2 : Thanks for feedback. #
Messages
Total messages: 11 (4 generated)
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||