RESOLVED FIXED 92310
Href attribute with javascript protocol is stripped when content is pasted into a XML document 
https://bugs.webkit.org/show_bug.cgi?id=92310
Summary Href attribute with javascript protocol is stripped when content is pasted in...
Ryosuke Niwa
Reported 2012-07-25 15:32:04 PDT
When we paste a HTML content into a XML document, we end up stripping href content attribute altogether instead of emptying it out like we do on HTML documents.
Attachments
Fixes the bug (13.64 KB, patch)
2012-07-25 20:07 PDT, Ryosuke Niwa 		no flags
DetailsFormatted DiffDiff
Archive of layout-test-results from gce-cr-linux-08 (596.28 KB, application/zip)
2012-07-25 22:14 PDT, WebKit Review Bot 		no flags
Details
Archive of layout-test-results from gce-cr-linux-05 (550.23 KB, application/zip)
2012-07-25 23:15 PDT, WebKit Review Bot 		no flags
Details
Patch (14.42 KB, patch)
2012-07-26 12:30 PDT, Ryosuke Niwa 		abarth: review+
webkit-ews: commit-queue-
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Ryosuke Niwa
Comment 1 2012-07-25 15:33:17 PDT
editing/pasteboard/paste-noscript-xhtml.xhtml already tests behavior but the output is hard to read, so I'm going to fix that first in the bug 92307.
Ryosuke Niwa
Comment 2 2012-07-25 19:23:47 PDT
*** Bug 92329 has been marked as a duplicate of this bug. ***
Ryosuke Niwa
Comment 3 2012-07-25 20:07:10 PDT
Created attachment 154530 [details] Fixes the bug
Early Warning System Bot
Comment 4 2012-07-25 20:21:39 PDT
Comment on attachment 154530 [details] Fixes the bug Attachment 154530 [details] did not pass qt-ews (qt): Output: http://queues.webkit.org/results/13361285
WebKit Review Bot
Comment 5 2012-07-25 22:14:25 PDT
Comment on attachment 154530 [details] Fixes the bug Attachment 154530 [details] did not pass chromium-ews (chromium-xvfb): Output: http://queues.webkit.org/results/13342544 New failing tests: svg/custom/missing-xlink.svg
WebKit Review Bot
Comment 6 2012-07-25 22:14:31 PDT
Created attachment 154539 [details] Archive of layout-test-results from gce-cr-linux-08 The attached test failures were seen while running run-webkit-tests on the chromium-ews. Bot: gce-cr-linux-08 Port: <class 'webkitpy.common.config.ports.ChromiumXVFBPort'> Platform: Linux-2.6.39-gcg-201203291735-x86_64-with-Ubuntu-10.04-lucid
WebKit Review Bot
Comment 7 2012-07-25 23:15:41 PDT
Comment on attachment 154530 [details] Fixes the bug Attachment 154530 [details] did not pass chromium-ews (chromium-xvfb): Output: http://queues.webkit.org/results/13349554 New failing tests: svg/custom/missing-xlink.svg
WebKit Review Bot
Comment 8 2012-07-25 23:15:47 PDT
Created attachment 154552 [details] Archive of layout-test-results from gce-cr-linux-05 The attached test failures were seen while running run-webkit-tests on the chromium-ews. Bot: gce-cr-linux-05 Port: <class 'webkitpy.common.config.ports.ChromiumXVFBPort'> Platform: Linux-2.6.39-gcg-201203291735-x86_64-with-Ubuntu-10.04-lucid
Adam Barth
Comment 9 2012-07-25 23:16:08 PDT
Comment on attachment 154530 [details] Fixes the bug Makes sense.
Ryosuke Niwa
Comment 10 2012-07-26 12:30:45 PDT
Created attachment 154719 [details] Patch
Adam Barth
Comment 11 2012-07-26 12:36:03 PDT
Comment on attachment 154719 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=154719&action=review > Source/WebCore/dom/Element.cpp:787 > - attribute.setValue(nullAtom); > + attribute.setValue(emptyAtom); This change looks odd. I guess we're using empty string rather than null when removing attributes? > Source/WebCore/dom/Element.cpp:1465 > +bool Element::parseAttributeName(QualifiedName& out, const AtomicString& namespaceURI, const AtomicString& qualifiedName, ExceptionCode& ec) We usually put out parameters at the end. (I know the editing code is weird in this regard.)
Adam Barth
Comment 12 2012-07-26 12:39:46 PDT
Comment on attachment 154719 [details] Patch rniwa convinced me that using "" won't go infinite for <iframe src>, so this is probably ok. A natural followup would be to share code with XSS auditor since XSS auditor is a bit smarter about blocking attributes.
Early Warning System Bot
Comment 13 2012-07-26 12:58:31 PDT
Comment on attachment 154719 [details] Patch Attachment 154719 [details] did not pass qt-ews (qt): Output: http://queues.webkit.org/results/13351890
Ryosuke Niwa
Comment 14 2012-07-26 13:23:23 PDT
Committed r123788: <http://trac.webkit.org/changeset/123788>
Radar WebKit Bug Importer
Comment 15 2013-01-16 14:49:45 PST
<rdar://problem/13027931>
Note You need to log in before you can comment on or make changes to this bug.