256296 – Updating layout should not execute arbitrary scripts

Bug 256296 - Updating layout should not execute arbitrary scripts

Summary: Updating layout should not execute arbitrary scripts

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	Layout and Rendering (show other bugs)
Version:	WebKit Local Build
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Ryosuke Niwa

URL:
Keywords:	InRadar

Depends on:	256295 256297 256300 256352 256353 256354 256383 256414
Blocks:
	Show dependency tree / graph

Reported:	2023-05-03 22:37 PDT by Ryosuke Niwa
Modified:	2023-05-11 13:28 PDT (History)
CC List:	4 users (show)

See Also:	256298

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Ryosuke Niwa 2023-05-03 22:37:00 PDT

Updating layout can end up executing arbitrary scripts in WebKit.
Don't do that for the improved security and sanity.

Comment 1 Radar WebKit Bug Importer 2023-05-10 22:37:18 PDT

<rdar://problem/109189664>

Comment 2 Ryosuke Niwa 2023-05-11 00:23:13 PDT

Pull request: https://github.com/WebKit/WebKit/pull/13744

Comment 3 EWS 2023-05-11 13:28:38 PDT

Committed 263983@main (fdb2c927fc43): <https://commits.webkit.org/263983@main>

Reviewed commits have been landed. Closing PR #13744 and removing active labels.