R1:29391a658e77
R1:29391a658e77
Disallow <! in <script>
Summary:
HTML5 has this crazy script escaping states:
- Script data escaped dash dash state
- Script data double escaped state
https://communities.coverity.com/blogs/security/2012/11/16/did-i-do-that-html-5-js-escapers-3
Perhaps `<!` is too aggressive but I didn't spend much time searching for a more fine grained expression.
Test Plan: Searched for `renderInlineScript()`.
Reviewers: epriestley
Reviewed By: epriestley
CC: Korvin, epriestley, aran
Differential Revision: https…
Summary:
HTML5 has this crazy script escaping states:
- Script data escaped dash dash state
- Script data double escaped state
https://communities.coverity.com/blogs/security/2012/11/16/did-i-do-that-html-5-js-escapers-3
Perhaps `<!` is too aggressive but I didn't spend much time searching for a more fine grained expression.
Test Plan: Searched for `renderInlineScript()`.
Reviewers: epriestley
Reviewed By: epriestley
CC: Korvin, epriestley, aran
Differential Revision: https…
Repository: R1 hydra
Commit Date: Oct 16 2013