amohanta / google-caja

Automatically exported from code.google.com/p/google-caja

Attack review: mikesamuel/bug-391 (132 added, 12 removed, 13 changed) #670

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
gvn review mikesamuel/bug-391

*mikesamuel/bug-391@2100 | mikesamuel | 2008-08-05 15:47:55 -0800 (Tue, 05 Aug 2008)

Description:

Fix bug 391: Malformed HTML attributes handled incorrectly

http://code.google.com/p/google-caja/issues/detail?id=391

Invalid HTML causes Caja lexer to generate incorrect token stream for
subsequent tags

What steps will reproduce the problem?
1. Feeding
<div id='search' style=width: 565px; position: relative'><div id="x">
into the Caja lexer will cause it to start generating incorrect tokens. The style attribute without correct quoting causes all subsequent tokens to be incorrectly recognized. This issue was found during development of the HTML rewriter for Shindig.

What is the expected output? What do you see instead?
The lexer should terminate the attribute when it sees the > which seems to be consistent with browser behavior.

Changed the lexer in HTML mode, to treat subsequent tokens inside a
tag body as part of the preceding attribute value unless they are the
start of a tag name.

Changed DomNode.Value to work properly on unbalanced quotes in a value.

This means that far fewer bare words in tag bodies will be treated as
valueless attributes.

Affected Paths:
   M //trunk/src/com/google/caja/lexer/HtmlLexer.java
   M //trunk/src/com/google/caja/parser/html/DomTree.java
   M //trunk/tests/com/google/caja/lexer/htmllexergolden1.txt
   M //trunk/tests/com/google/caja/lexer/htmllexerinput1.html
   M //trunk/tests/com/google/caja/parser/html/DomParserTest.java

Original issue reported on code.google.com by mikesamuel@gmail.com on 5 Aug 2008 at 11:49
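
The failure and the fixed behaviour described in the commit message above, as an added example that is not Caja's code: `tag_end` and `lex_tags` are hypothetical names, and the lexing rules are a simplified reading of the description (a quote opens a quoted value only directly after `=`, bare words are folded into the preceding unquoted value, and the tag ends at the first unquoted `>`).

```python
import re

# Constructed sample: the malformed markup quoted in the bug report.
SAMPLE = "<div id='search' style=width: 565px; position: relative'><div id=\"x\">"

# name=value (double-quoted, single-quoted or unquoted value), or a bare word.
TOKEN = re.compile(r"""([^\s=]+)=("[^"]*"|'[^']*'|\S*)|(\S+)""")

def tag_end(html, i, strict_quotes):
    """Index of the '>' closing the tag that starts at html[i], else len(html)."""
    prev = ""
    while i < len(html):
        c = html[i]
        # Lenient mode: a quote only opens a quoted value right after '='.
        if c in "'\"" and (strict_quotes or prev == "="):
            j = html.find(c, i + 1)
            i = len(html) if j < 0 else j  # unbalanced quote runs to end of input
        elif c == ">":
            return i
        if not c.isspace():
            prev = c
        i += 1
    return len(html)

def lex_tags(html, strict_quotes=False):
    """Return [(tag_name, {attr: value})] for each tag found in html."""
    tags, i = [], html.find("<")
    while 0 <= i < len(html):
        end = tag_end(html, i, strict_quotes)
        name, body = (html[i + 1:end].split(None, 1) + ["", ""])[:2]
        attrs, last = {}, None  # last = attribute whose unquoted value is still open
        for key, val, bare in TOKEN.findall(body):
            if key:  # name=value always starts a new attribute
                quoted = len(val) > 1 and val[0] in "'\"" and val[-1] == val[0]
                attrs[key] = val[1:-1] if quoted else val
                last = None if quoted else key
            elif last:  # bare word: fold into the preceding unquoted value
                attrs[last] += " " + bare
            else:  # bare word with nothing to extend: valueless attribute
                attrs[bare] = ""
        tags.append((name, attrs))
        i = html.find("<", end)
    return tags

if __name__ == "__main__":
    print(lex_tags(SAMPLE, strict_quotes=True))   # quote-matching lexer
    print(lex_tags(SAMPLE, strict_quotes=False))  # terminates the tag at '>'
```

With `strict_quotes=True` the stray quote after `relative` swallows the second `<div>`, so a rewriter working from that token stream never sees a tag the browser will still parse.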

GoogleCodeExporter commented 9 years ago
LGTM

Original comment by jas...@gmail.com on 6 Aug 2008 at 8:31

GoogleCodeExporter commented 9 years ago

Original comment by mikesamuel@gmail.com on 7 Aug 2008 at 3:19

GoogleCodeExporter commented 9 years ago

Original comment by mikesamuel@gmail.com on 7 Aug 2008 at 3:19

GoogleCodeExporter commented 9 years ago
Attack reviews are to be conducted pre-release.

Original comment by mikesamuel@gmail.com on 13 Jan 2009 at 8:13

GoogleCodeExporter commented 9 years ago

Original comment by mikesamuel@gmail.com on 13 Jan 2009 at 9:00