RESOLVED FIXED 254692
innerHTML and outerHTML escapes <, >, &, and nbsp inside `noscript`
https://bugs.webkit.org/show_bug.cgi?id=254692
Ahmad Saleem
Reported 2023-03-29 14:33:39 PDT
Hi Team,

This is the last standing bug to bring us to parity with other browser engines (Blink & Gecko) [they pass them all], and it has an impact on the following WPT tests:

>> html/syntax/serializing-html-fragments/serializing.html
>> html/syntax/parsing-html-fragments/tokenizer-modes-001.html

It can be done by adding 'noscript' below, but with some considerations:

https://github.com/WebKit/WebKit/commit/a641fc693f57c0b0910a0c2bbb13796b34544ef1#diff-f783bf306bb85322c91bd87f08bb25550a2b7cbc13a6eb929f5ae9283c17e3c2

________________

Blink Commit (Initial for Support) - https://chromium-review.googlesource.com/c/chromium/src/+/886646

Blink Commit (Post above - Security Bug) - https://chromium.googlesource.com/chromium/src/+/4193ecf74963e69eb6b635d429ed5944bf30124a

^ I didn't add 'noscript' due to lack of skills and with the possibility that it could lead to a similar or any other security issue. Hence, I would leave it to someone else to fix it.

_________________

I would appreciate it if someone could take it up and fix this last remaining bit.

Thanks!
Ahmad Saleem
Comment 1 2023-04-04 15:00:08 PDT
I am not sure about 'GetExecutionContext()', but something like this might be possible:

    if (parentName) {
        bool isNoscriptTagWithScriptEnabled = *parentName == noscriptTag && text.script() && text.document().domWindow() && text.script()->canExecuteScripts(NotAboutToExecuteScript);
        if (*parentName == scriptTag || *parentName == styleTag || *parentName == xmpTag || *parentName == noembedTag || *parentName == noframesTag || *parentName == plaintextTag || *parentName == iframeTag || isNoscriptTagWithScriptEnabled)
            return EntityMaskInCDATA;
        return EntityMaskInHTMLPCDATA;
    }

In the above, 'script()' is wrong. I thought it might be the equivalent of 'GetExecutionContext()', but I got the build error below:

    no member named 'script' in 'WebCore::Text'
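
The serialization rule this bug is about, as an added example that is not part of the bug thread or of WebKit's code: the HTML fragment serialization algorithm emits a text node literally when its parent is a raw-text element, or a `noscript` element with scripting enabled (the condition Comment 1 calls `isNoscriptTagWithScriptEnabled`), and escapes `&`, U+00A0, `<` and `>` otherwise. The node shape, function names and sample tree are assumptions constructed for illustration; attributes and void elements are left out.

```javascript
// Added example: text-node serialization from the HTML fragment serialization
// algorithm, run over a constructed tree (no DOM needed, runs in Node).
const RAW_TEXT_PARENTS = new Set([
  "style", "script", "xmp", "iframe", "noembed", "noframes", "plaintext",
]);

// "Escaping a string" in text (non-attribute) mode. '&' must be handled first
// so the entities produced by the later replacements are not escaped again.
function escapeText(s) {
  return s
    .replace(/&/g, "&amp;")
    .replace(/\u00A0/g, "&nbsp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// Text is emitted literally under raw-text parents, and under <noscript>
// only when scripting is enabled for the node's document.
function serializesLiterally(parentName, scriptingEnabled) {
  return RAW_TEXT_PARENTS.has(parentName) ||
    (parentName === "noscript" && scriptingEnabled);
}

// Assumed node shape: { name, children } for elements, { text } for text nodes.
function serializeChildren(node, scriptingEnabled) {
  let out = "";
  for (const child of node.children) {
    if ("text" in child) {
      out += serializesLiterally(node.name, scriptingEnabled)
        ? child.text
        : escapeText(child.text);
    } else {
      out += outerHTML(child, scriptingEnabled);
    }
  }
  return out;
}

function outerHTML(node, scriptingEnabled) {
  return `<${node.name}>${serializeChildren(node, scriptingEnabled)}</${node.name}>`;
}

// Constructed sample: the same text node under <noscript> and under <p>.
const sampleText = "<b>a & b</b>\u00A0";
const sample = { name: "div", children: [
  { name: "noscript", children: [{ text: sampleText }] },
  { name: "p", children: [{ text: sampleText }] },
] };
```

With scripting enabled the `noscript` text comes back unescaped while the `p` text is escaped; with scripting disabled both are escaped, so the serializer's output depends on the scripting flag of the document that owns the node.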
Radar WebKit Bug Importer
Comment 2 2023-04-05 14:34:17 PDT
Ryosuke Niwa
Comment 3 2023-05-02 18:45:53 PDT
EWS
Comment 4 2023-05-03 09:34:31 PDT
Committed 263633@main (b731e7a77411): <https://commits.webkit.org/263633@main> Reviewed commits have been landed. Closing PR #13388 and removing active labels.