angler-fishThe Vulnerability History Project

Revert 191807 &quotSupress script during parser adjusting DOM node l...&quot

      Reverting on trunk to avoid crashes while a fix is landed

BUG=471599

> Supress script during parser adjusting DOM node location
> 
> This attack uses HTML parser's tree tweaking operation to trigger
> a script execution. This CL supresses it. This should be acceptable
> because:
> 
>  * It never happens with well-formed markup.
>  * It only happens to a node being a child of <script>, which is unusual.
> 
> BUG=464552
> TEST=parser-adjust-parent-crash.html
> R=haraken@chromium.org
> 
> Review URL: https://codereview.chromium.org/1007523003

TBR=morrita@chromium.org

Review URL: https://codereview.chromium.org/1096553003

git-svn-id: svn://svn.chromium.org/blink/trunk@193901 bbb929c8-8fbe-4397-9dbb-9b2b20218538
by Genevieve the Boar 2015-04-16 20:25:05 UTC
commit a093f3f18f76308d584b93f4a3b6a7b52d4e970a
Chromium Fix CVE-2015-1253
third_party/WebKit/LayoutTests/fast/dom/parser-adjust-parent-crash-expected.txt
+1
third_party/WebKit/LayoutTests/fast/dom/parser-adjust-parent-crash.html
+20
third_party/WebKit/Source/core/html/parser/HTMLConstructionSite.cpp
+7 -2
expand_less