Bug 254692
| Summary: | innerHTML and outerHTML escapes <, >, &, and nbsp inside `noscript` | | |
|---|---|---|---|
| Product: | WebKit | Reporter: | Ahmad Saleem <ahmad.saleem792> |
| Component: | DOM | Assignee: | Ryosuke Niwa <rniwa> |
| Status: | RESOLVED FIXED | | |
| Severity: | Normal | CC: | annevk, cdumez, karlcow, rniwa, webkit-bug-importer |
| Priority: | P2 | Keywords: | BrowserCompat, InRadar, WPTImpact |
| Version: | WebKit Nightly Build | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
Ahmad Saleem
Hi Team,
This is the last standing bug to bring us to parity with other browser engines (Blink & Gecko) [pass them all], and it has an impact on the following WPT tests:
>> html/syntax/serializing-html-fragments/serializing.html
>> html/syntax/parsing-html-fragments/tokenizer-modes-001.html
It can be done by adding 'noscript' below, but with some considerations:
https://github.com/WebKit/WebKit/commit/a641fc693f57c0b0910a0c2bbb13796b34544ef1#diff-f783bf306bb85322c91bd87f08bb25550a2b7cbc13a6eb929f5ae9283c17e3c2
________________
Blink Commit (Initial for Support) - https://chromium-review.googlesource.com/c/chromium/src/+/886646
Blink Commit (Post above - Security Bug) - https://chromium.googlesource.com/chromium/src/+/4193ecf74963e69eb6b635d429ed5944bf30124a
^ I didn't add 'noscript' due to lack of skills and the possibility that it could lead to a similar or any other security issue. Hence, I would leave it to someone else to fix.
_________________
I'd appreciate it if someone can take this up and fix this last remaining bit.
Thanks!
Ahmad Saleem
I am not sure about 'GetExecutionContext()', but something like this could be possible:
```cpp
if (parentName) {
    // Treat noscript like the other raw-text parents only when scripting is enabled.
    bool isNoscriptTagWithScriptEnabled = *parentName == noscriptTag && text.script() && text.document().domWindow() && text.script()->canExecuteScripts(NotAboutToExecuteScript);
    if (*parentName == scriptTag || *parentName == styleTag || *parentName == xmpTag
        || *parentName == noembedTag || *parentName == noframesTag || *parentName == plaintextTag
        || *parentName == iframeTag || isNoscriptTagWithScriptEnabled)
        return EntityMaskInCDATA;
    return EntityMaskInHTMLPCDATA;
}
```
In the above, 'script()' is wrong; I thought it might be the equivalent of 'GetExecutionContext()', but I got a build error as below:
no member named 'script' in 'WebCore::Text'
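The text-node rule that the condition in the comments above is trying to mirror, as an added Python model of the HTML spec's fragment serialization step (a constructed illustration, not WebKit or WPT code; `serialize_simple_element` is an assumed helper for a single-text-child element):

```python
# Model of the HTML spec's "serializing HTML fragments" rule for Text nodes.
# Constructed illustration of the rule this bug is about; not WebKit code.

# Parents whose text children are always emitted literally (raw text).
RAW_TEXT_PARENTS = frozenset(
    {"style", "script", "xmp", "iframe", "noembed", "noframes", "plaintext"}
)


def escape_string(data: str, attribute_mode: bool = False) -> str:
    """The spec's 'escaping a string' step: & and U+00A0 are always replaced;
    attribute mode then escapes double quotes, text mode escapes < and >."""
    out = data.replace("&", "&amp;").replace("\u00a0", "&nbsp;")
    if attribute_mode:
        return out.replace('"', "&quot;")
    return out.replace("<", "&lt;").replace(">", "&gt;")


def serialize_text(parent_tag: str, data: str, scripting_enabled: bool) -> str:
    """Serialize one Text node given its parent element's local name.

    A noscript parent counts as raw text only while scripting is enabled:
    that is the only mode in which the parser tokenizes noscript content as
    raw text. With scripting disabled the parser reads noscript children as
    ordinary markup, so they must be escaped for the output to round-trip."""
    parent = parent_tag.lower()
    if parent in RAW_TEXT_PARENTS or (parent == "noscript" and scripting_enabled):
        return data
    return escape_string(data)


def serialize_simple_element(tag: str, text: str, scripting_enabled: bool) -> str:
    """outerHTML of an element holding a single Text child (assumed helper)."""
    return f"<{tag}>{serialize_text(tag, text, scripting_enabled)}</{tag}>"


if __name__ == "__main__":
    sample = "<b>&\u00a0</b>"  # constructed text containing <, >, &, and nbsp
    for tag in ("div", "noscript", "script"):
        for scripting in (True, False):
            print(f"{tag:8} scripting={scripting!s:5} -> "
                  f"{serialize_simple_element(tag, sample, scripting)}")
```

With scripting enabled the noscript case matches the script case (literal text); with scripting disabled it matches the div case (escaped), which is the distinction the WPT tests named above check.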
Radar WebKit Bug Importer
<rdar://problem/107678717>
Ryosuke Niwa
Pull request: https://github.com/WebKit/WebKit/pull/13388
EWS
Committed 263633@main (b731e7a77411): <https://commits.webkit.org/263633@main>
Reviewed commits have been landed. Closing PR #13388 and removing active labels.