Bug 30432

Summary: BASE tag is allowed more than once and outside the <head> section
Product: WebKit Reporter: eduardo vela <sirdarckcat>
Component: DOMAssignee: Nobody <webkit-unassigned>
Status: RESOLVED CONFIGURATION CHANGED    
Severity: Normal CC: ahmad.saleem792, ap, bfulgham, cdumez, rniwa
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: PC   
OS: All   
URL: http://zaz.sirdarckcat.net/zaz

Description eduardo vela 2009-10-16 01:10:42 PDT
Reproducible: Always

Steps to Reproduce:
1. Go to http://zaz.sirdarckcat.net/zaz/ (a script that alerts the location of
the script being included).
2. See the alerts
Actual Results:  
the alerts are:
a/b.js
a/b/c.js
a/b/c/d.js
a/b.js
a/b/c.js
a/b/c/d.js

Expected Results:  
the alerts should be:
a/b.js
a/c.js
a/d.js
a/b.js
a/c.js
a/d.js

I'm not very good making testcases, and I tried to look for the bug, but I
couldn't find it.. I think this is a well known bug for developers, so I guess
its a dupe, but I couldnt find the bug where this is being discussed.

In any way, I want to propose this being fixed, or are there some details I'm
missing?
Comment 1 eduardo vela 2009-10-16 01:12:53 PDT
I should have reported this here instead of chromium:
http://code.google.com/p/chromium/issues/detail?id=25017

And I also submitted a bug report for firefox:
https://bugzilla.mozilla.org/show_bug.cgi?id=522658
Comment 2 eduardo vela 2009-10-16 01:25:59 PDT
I want to add that this has security considerations, if an attacker is able to
add a <base> tag in the middle of the source code, it may leak information to
other domains.
Comment 3 Alexey Proskuryakov 2009-10-16 15:59:16 PDT
As implied by comment 1, we match Firefox here. We probably shouldn't change this unilaterally - but it's definitely something to keep an eye on.
Comment 4 eduardo vela 2009-10-20 00:08:17 PDT
FYI:
https://bugzilla.mozilla.org/show_bug.cgi?id=515401

Apparently Gecko is fixing this
Comment 5 Ahmad Saleem 2022-08-10 11:02:22 PDT
WPT do have coverage for BASE tag multiple:

https://wpt.fyi/results/html/semantics/document-metadata/the-base-element?label=master&label=experimental&aligned&view=subtest&q=base

Safari TP 150 passes all tests, do we need to do something here? The test URL does not work and I tried to look into Wayback Archive but couldn't find as well. Appreciate if someone can comment and update the bug status accordingly or attached minimal test case (if needed). Thanks!
Comment 6 Alexey Proskuryakov 2022-08-19 17:15:39 PDT
Not sure if WPT covers everything that this bug talks about, but in my testing, all browsers agree now.

- When there are multiple BASE elements, only the first one is respected.
- BASE elements in BODY _are_ respected.

> I want to add that this has security considerations

I think that you are correct, but at this point, it's up to websites to prevent base element injection.