Bug 30432 - BASE tag is allowed more than once and outside the <head> section
Status: NEW
Alias: None
Product: WebKit
Classification: Unclassified
Component: DOM
Version: 528+ (Nightly build)
Hardware: PC All
Importance: P2 Normal
Assignee: Nobody
URL: http://zaz.sirdarckcat.net/zaz
Reported: 2009-10-16 01:10 PDT by eduardo vela
Modified: 2009-10-20 00:08 PDT

Description eduardo vela 2009-10-16 01:10:42 PDT
Reproducible: Always

Steps to Reproduce:
1. Go to http://zaz.sirdarckcat.net/zaz/ (a script that alerts the location of
the script being included).
2. See the alerts
Actual Results:  
the alerts are:
a/b.js
a/b/c.js
a/b/c/d.js
a/b.js
a/b/c.js
a/b/c/d.js

Expected Results:  
the alerts should be:
a/b.js
a/c.js
a/d.js
a/b.js
a/c.js
a/d.js

I'm not very good at making testcases, and I tried to look for the bug, but I
couldn't find it. I think this is a well known bug for developers, so I guess
it's a dupe, but I couldn't find the bug where this is being discussed.

In any case, I want to propose this being fixed, or are there some details I'm
missing?
Comment 1 eduardo vela 2009-10-16 01:12:53 PDT
I should have reported this here instead of chromium:
http://code.google.com/p/chromium/issues/detail?id=25017

And I also submitted a bug report for firefox:
https://bugzilla.mozilla.org/show_bug.cgi?id=522658
Comment 2 eduardo vela 2009-10-16 01:25:59 PDT
I want to add that this has security considerations: if an attacker is able to
add a <base> tag in the middle of the source code, it may leak information to
other domains.
Comment 3 Alexey Proskuryakov 2009-10-16 15:59:16 PDT
As implied by comment 1, we match Firefox here. We probably shouldn't change this unilaterally - but it's definitely something to keep an eye on.
Comment 4 eduardo vela 2009-10-20 00:08:17 PDT
FYI:
https://bugzilla.mozilla.org/show_bug.cgi?id=515401

Apparently Gecko is fixing this.
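
The gap between the actual and expected results in this report, as an added example that is not part of the original bug thread: a Python audit that flags duplicate or out-of-head <base> tags and resolves each script URL under both behaviours. The sample page, the example.test URLs and all names in the code are constructed assumptions, not the reporter's test case.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin

# Constructed sample page (not the reporter's test case).
SAMPLE = """<html><head>
<base href="http://example.test/a/">
<script src="b.js"></script>
</head><body>
<base href="http://example.test/a/b/">
<script src="c.js"></script>
<base href="http://example.test/a/b/c/">
<script src="d.js"></script>
</body></html>"""

class BaseAudit(HTMLParser):
    """Flag suspicious <base> tags and resolve script URLs under two policies."""
    def __init__(self, doc_url):
        super().__init__()
        self.doc_url, self.in_head, self.seen = doc_url, False, 0
        self.every_base = doc_url   # policy 1: each <base> takes effect (reported behaviour)
        self.first_base = None      # policy 2: only the first <base> inside <head> counts
        self.findings, self.scripts = [], []  # (line, message) / (src, policy-1 URL, policy-2 URL)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "head":
            self.in_head = True
        elif tag == "base" and attrs.get("href"):
            self.seen += 1
            if self.seen > 1:
                self.findings.append((self.getpos()[0], "duplicate <base>"))
            if not self.in_head:
                self.findings.append((self.getpos()[0], "<base> outside <head>"))
            self.every_base = urljoin(self.doc_url, attrs["href"])
            if self.first_base is None and self.in_head:
                self.first_base = self.every_base
        elif tag == "script" and attrs.get("src"):
            strict = self.first_base or self.doc_url
            self.scripts.append((attrs["src"], urljoin(self.every_base, attrs["src"]),
                                 urljoin(strict, attrs["src"])))

    def handle_endtag(self, tag):
        self.in_head = self.in_head and tag != "head"

def audit(html, doc_url):
    parser = BaseAudit(doc_url)
    parser.feed(html)
    parser.close()
    return parser
```

Any script whose two resolved URLs differ depends on a later or misplaced <base>, which is the condition comment 2 raises as a security concern.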