Comment #4 on issue 92 by Simetrical: Possible to make IE run script after roundtripping in html5lib
http://code.google.com/p/html5lib/issues/detail?id=92
The requirements that comment 2 links to say unquoted attributes "must not contain any literal space characters, any U+0022 QUOTATION MARK (") characters, U+0027 APOSTROPHE (') characters, U+003D EQUALS SIGN (=) characters, U+003C LESS-THAN SIGN (<) characters, or U+003E GREATER-THAN SIGN (>) characters, and must not be the empty string." There are no other constraints that don't apply to quoted attributes as well.

What's the bug here? As far as I can tell from reading the spec, the given text should parse as
<br title="`"><xmp>`><script>alert(1)</script></xmp>
and conformant browsers *should* run the script.
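Added example, not part of the original comment and not html5lib's own code: a serializer-side quoting check that applies the unquoted-attribute rule quoted above, next to a stricter variant that also forces quotes when the value contains U+0060 (`). All function and constant names are hypothetical; the stricter variant assumes, as background not stated in the comment, that legacy IE treats U+0060 as an attribute-value delimiter.

```python
# Added example: deciding when a serializer may emit an attribute unquoted.

# Characters the quoted requirement forbids in an unquoted attribute value.
# HTML5 "space characters" are tab, LF, FF, CR and U+0020 SPACE.
SPEC_FORBIDDEN = set(" \t\n\f\r\"'=<>")

# Assumption (not from the comment): legacy IE also treats U+0060 as an
# attribute-value delimiter, so a defensive serializer quotes on it too.
DEFENSIVE_FORBIDDEN = SPEC_FORBIDDEN | {"`"}


def may_be_unquoted(value, forbidden=SPEC_FORBIDDEN):
    """Return True if `value` may be written without quotes under `forbidden`."""
    return value != "" and not any(ch in forbidden for ch in value)


def serialize_attr(name, value, defensive=False):
    """Serialize one attribute, quoting only when the chosen rule requires it."""
    forbidden = DEFENSIVE_FORBIDDEN if defensive else SPEC_FORBIDDEN
    # Always escape "&" so the value cannot start a character reference.
    escaped = value.replace("&", "&amp;")
    if may_be_unquoted(value, forbidden):
        return f"{name}={escaped}"
    # Escape the delimiter so the value cannot terminate the quoted string.
    quoted = escaped.replace('"', "&quot;")
    return f'{name}="{quoted}"'


def serialize_br(title, defensive=False):
    """Serialize a <br> element carrying a single title attribute."""
    return f"<br {serialize_attr('title', title, defensive)}>"


if __name__ == "__main__":
    # The title value from the parse given in the comment is a single U+0060.
    print(serialize_br("`"))                  # allowed unquoted by the rule
    print(serialize_br("`", defensive=True))  # quoted by the stricter rule
```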