Bug 30982 - createHTMLDocument doesn't escape ampersand and less-than in title
Summary: createHTMLDocument doesn't escape ampersand and less-than in title
Alias: None
Product: WebKit
Classification: Unclassified
Component: DOM (show other bugs)
Version: 528+ (Nightly build)
Hardware: PC All
: P2 Normal
Assignee: Alexey Proskuryakov
Depends on:
Reported: 2009-10-31 14:23 PDT by nanto_vi (TOYAMA Nao)
Modified: 2009-11-01 12:05 PST (History)
0 users

See Also:

proposed fix (3.57 KB, patch)
2009-10-31 21:43 PDT, Alexey Proskuryakov
sullivan: review+
Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description nanto_vi (TOYAMA Nao) 2009-10-31 14:23:51 PDT
|document.implementation.createHTMLDocument(title)| wrongly parses the value of the title parameter as a part of HTML source, violating both old DOM2 HTML CR [1] and HTML5 [2].

[1] http://www.w3.org/TR/2002/CR-DOM-Level-2-HTML-20020605/html.html#HTML-DOM-createHTMLDocument
[2] http://www.whatwg.org/specs/web-apps/current-work/multipage/dom.html#dom-domhtmlimplementation-createhtmldocument

Steps to reproduce: Execute the following JavaScript code:

Expected result: foo</title>
Actual result: foo

Confirmed on WebKit-r50095.
Comment 1 Alexey Proskuryakov 2009-10-31 21:43:56 PDT
Created attachment 42269 [details]
proposed fix
Comment 2 Alexey Proskuryakov 2009-11-01 12:05:30 PST
Committed <http://trac.webkit.org/changeset/50389>.