Bug 256296

Summary: Updating layout should not execute arbitrary scripts
Product: WebKit Reporter: Ryosuke Niwa <rniwa>
Component: Layout and RenderingAssignee: Ryosuke Niwa <rniwa>
Status: RESOLVED FIXED    
Severity: Normal CC: bfulgham, simon.fraser, webkit-bug-importer, zalan
Priority: P2 Keywords: InRadar
Version: WebKit Local Build   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=256298
Bug Depends on: 256295, 256297, 256300, 256352, 256353, 256354, 256383, 256414    
Bug Blocks:    

Description Ryosuke Niwa 2023-05-03 22:37:00 PDT 
Updating layout can end up executing arbitrary scripts in WebKit.
Don't do that for the improved security and sanity.
Comment 1 Radar WebKit Bug Importer 2023-05-10 22:37:18 PDT 
<rdar://problem/109189664>
Comment 2 Ryosuke Niwa 2023-05-11 00:23:13 PDT 
Pull request: https://github.com/WebKit/WebKit/pull/13744
Comment 3 EWS 2023-05-11 13:28:38 PDT 
Committed 263983@main (fdb2c927fc43): <https://commits.webkit.org/263983@main>

Reviewed commits have been landed. Closing PR #13744 and removing active labels.