WebKit Bugzilla
RESOLVED CONFIGURATION CHANGED
243588
Parser bug can introduce mXSS and HTML sanitizers bypass
https://bugs.webkit.org/show_bug.cgi?id=243588
Ahmad Saleem
Reported
2022-08-05 08:04:11 PDT
Hi Team,

I was dumpster diving again in Mozilla Bugzilla to identify any test cases in DOM Parser where Safari / WebKit might be different, and then testing them across all browsers to ensure that WebKit can get to be more web-compatible, and came across the following test case:

Test Case Link - https://jsbin.com/yomabutoze/edit?html,output
Mozilla Bug - https://bugzilla.mozilla.org/show_bug.cgi?id=1598466
Chrome Bug - https://bugs.chromium.org/p/chromium/issues/detail?id=1005713
Some Blog Post - https://research.securitum.com/dompurify-bypass-using-mxss/
Web-Spec Chrome Discussion - https://bugs.chromium.org/p/chromium/issues/detail?id=1005713#c10
Commit - https://chromium.googlesource.com/chromium/src.git/+/d16226271d4d501de19f019aba1c145930b45503

*** STEPS TO REPRODUCE ***
1) Open Test Case Link
2) Notice Behavior

<< ACTUAL RESULT >>
Safari gets a dialog with '1' value

<< EXPECTED RESULT >>
No dialog box, similar to other browsers.

___

Appreciate if this can be fixed so there is no dialog box, similar to other browsers.

Thanks
Radar WebKit Bug Importer
Comment 1
2022-08-05 14:28:33 PDT
<rdar://problem/98212299>
Ryosuke Niwa
Comment 2
2022-08-06 00:05:32 PDT
Chris recently fixed this.