Deeply nested elements crash FF 8, Chrome 11

1049884729 / owasp-java-html-sanitizer

Automatically exported from code.google.com/p/owasp-java-html-sanitizer

Other

0 stars 0 forks source link

Deeply nested elements crash FF 8, Chrome 11 #3

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago

vytah said 

"""
OK, I didn't circumvent the protection, but I managed to crash Firefox 8 and 
make it unusable until I restarted it in safe mode.
My input was about 20000×<div> (opening only, no closing)
"""

Original issue reported on code.google.com by mikesamuel@gmail.com on 10 Oct 2011 at 9:20

GoogleCodeExporter commented 9 years ago

vtyah said

"""
I have pinpointed what exactly happened, so here goes more info:
Firefox crashes, addons or not. The not-loading-pages bug was caused by some 
addon. I removed it, crashed the browser again, restarted and it works.
Filed a bug report to addon creator.
"""

Original comment by mikesamuel@gmail.com on 10 Oct 2011 at 10:17

Added labels: ****
Removed labels: ****

GoogleCodeExporter commented 9 years ago

willikins_bear says
"""
This caused Chrome (ver. 11.0.696.68) to crash with no extensions. Not only did 
it crash the tab that was open (HTMLSanitizer/index.jsp), but it also crashed 
another tab (HTMLSanitizer/source.jsp) I had open at the same time.
"""

Original comment by mikesamuel@gmail.com on 11 Oct 2011 at 2:48

Changed title: Deeply nested elements crash FF 8, Chrome 11
Added labels: ****
Removed labels: ****

GoogleCodeExporter commented 9 years ago

Fix at 
http://code.google.com/p/owasp-java-html-sanitizer/source/diff?spec=svn79&r=79&f
ormat=side&path=/trunk/src/main/org/owasp/html/HtmlSanitizer.java&show=review

Original comment by mikesamuel@gmail.com on 14 Oct 2011 at 6:42

Changed state: Fixed
Added labels: ****
Removed labels: ****