99942 – A billion laughs in SVG

Bug 99942 - A billion laughs in SVG

Summary: A billion laughs in SVG

Status:	NEW

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	SVG (show other bugs)
Version:	420+
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Nobody

URL:
Keywords:	InRadar

Depends on:
Blocks:

Reported:	2012-10-21 12:09 PDT by Philip Rogers
Modified:	2022-07-15 15:40 PDT (History)
CC List:	3 users (show)

See Also:

Attachments
LOL (2.60 KB, text/html) 2012-10-21 12:09 PDT, Philip Rogers	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Philip Rogers 2012-10-21 12:09:03 PDT

Created attachment 169811 [details]
LOL

Our SVG implementation is susceptible to the billion laughs DOS attack: http://en.wikipedia.org/wiki/Billion_laughs

Should we do anything about this?

Comment 1 Brent Fulgham 2022-07-15 15:40:38 PDT

It looks like Safari, Chrome, and Firefox suffer from this -- but we should do better.

Comment 2 Radar WebKit Bug Importer 2022-07-15 15:40:48 PDT

<rdar://problem/97098084>