Bug 254617

Summary: innerHTML serialization should not have a special handling for javascript: URLs
Product: WebKit Reporter: Ahmad Saleem <ahmad.saleem792>
Component: DOMAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: webkit-bug-importer
Priority: P2 Keywords: BrowserCompat, InRadar, WPTImpact
Version: Safari Technology Preview   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Partial Patch for Merge - Local Testing (Build) .cpp side
none
Partial Merge (.cpp) - MarkupAccumulator.cpp none

Description Ahmad Saleem 2023-03-28 13:54:12 PDT 
Created attachment 465640 [details]
Partial Patch for Merge - Local Testing (Build) .cpp side

Hi Team,

While going through Chromium's Monorail, I came across another failing test case:

What steps will reproduce the problem?
(1) Open the following URL
data:text/html;charset=utf-8,<body> <div id=target><a href="javascript:&quot;foobar&quot;">link</a></div> <pre></pre> <script> alert(document.querySelector('div').innerHTML); </script> </body>

What is the expected result?
It should show an alert dialog with:
  <a href="javascript:&quot;foobar&quot;">link</a>


What happens instead?
It shows an alert dialog with:
  <a href='javascript:"foobar"'>link</a>

Chrome Bug - https://bugs.chromium.org/p/chromium/issues/detail?id=927164

Blink Commit - https://chromium.googlesource.com/chromium/src.git/+/a806a0593906b75b9396d3bbd092bdda9161bf4c

WPT Tests Progression - Two subtests of http://wpt.live/html/syntax/serializing-html-fragments/serializing.html

Just wanted to raise so we can fix and get more WPT wins and browser compat wins.

Thanks!
Comment 1 Ahmad Saleem 2023-03-28 13:56:34 PDT 
Created attachment 465641 [details]
Partial Merge (.cpp) - MarkupAccumulator.cpp

Actual Patch.
Comment 2 EWS 2023-03-29 04:35:09 PDT 
Committed 262267@main (948db072bd94): <https://commits.webkit.org/262267@main>

Reviewed commits have been landed. Closing PR #12075 and removing active labels.
Comment 3 Radar WebKit Bug Importer 2023-03-29 04:36:17 PDT 
<rdar://problem/107362610>