Steps to Reproduce:
1. Go to http://zaz.sirdarckcat.net/zaz/ (a script that alerts the location of
the script being included).
2. See the alerts
the alerts are:
the alerts should be:
I'm not very good making testcases, and I tried to look for the bug, but I
couldn't find it.. I think this is a well known bug for developers, so I guess
its a dupe, but I couldnt find the bug where this is being discussed.
In any way, I want to propose this being fixed, or are there some details I'm
I should have reported this here instead of chromium:
And I also submitted a bug report for firefox:
I want to add that this has security considerations, if an attacker is able to
add a <base> tag in the middle of the source code, it may leak information to
As implied by comment 1, we match Firefox here. We probably shouldn't change this unilaterally - but it's definitely something to keep an eye on.
Apparently Gecko is fixing this