Homec4science

Disallow <! in <script>

Authored by Jakub Vrana <jakub@vrana.cz> on Oct 16 2013, 18:28.

Description

Disallow <! in <script>

Summary:
HTML5 has this crazy script escaping states:

  • Script data escaped dash dash state
  • Script data double escaped state

https://communities.coverity.com/blogs/security/2012/11/16/did-i-do-that-html-5-js-escapers-3

Perhaps <! is too aggressive but I didn't spend much time searching for a more fine grained expression.

Test Plan: Searched for renderInlineScript().

Reviewers: epriestley

Reviewed By: epriestley

CC: Korvin, epriestley, aran

Differential Revision: https://secure.phabricator.com/D7329

Details

Committed
Jakub Vrana <jakub@vrana.cz>Oct 16 2013, 18:28
Pushed
aubortJan 31 2017, 17:16
Parents
rPHd34143c72333: Celerity Map
Branches
Unknown
Tags
Unknown

Event Timeline

Jakub Vrana <jakub@vrana.cz> committed rPH29391a658e77: Disallow <! in <script> (authored by Jakub Vrana <jakub@vrana.cz>).Oct 16 2013, 18:28