RESOLVED FIXED Bug 30982
createHTMLDocument doesn't escape ampersand and less-than in title 
https://bugs.webkit.org/show_bug.cgi?id=30982
Summary createHTMLDocument doesn't escape ampersand and less-than in title
nanto_vi (TOYAMA Nao)
Reported 2009-10-31 14:23:51 PDT
|document.implementation.createHTMLDocument(title)| wrongly parses the value of the title parameter as a part of HTML source, violating both old DOM2 HTML CR [1] and HTML5 [2]. [1] http://www.w3.org/TR/2002/CR-DOM-Level-2-HTML-20020605/html.html#HTML-DOM-createHTMLDocument [2] http://www.whatwg.org/specs/web-apps/current-work/multipage/dom.html#dom-domhtmlimplementation-createhtmldocument Steps to reproduce: Execute the following JavaScript code: javascript:alert(document.implementation.createHTMLDocument('foo</title>').title); Expected result: foo</title> Actual result: foo Confirmed on WebKit-r50095.
Attachments
proposed fix (3.57 KB, patch)
2009-10-31 21:43 PDT, Alexey Proskuryakov 		sullivan: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Alexey Proskuryakov
Comment 1 2009-10-31 21:43:56 PDT
Created attachment 42269 [details] proposed fix
Alexey Proskuryakov
Comment 2 2009-11-01 12:05:30 PST
Committed <http://trac.webkit.org/changeset/50389>.
Note You need to log in before you can comment on or make changes to this bug.