From 98f5d9e5b14b590b6c948fa8b2728f3e47958a7d Mon Sep 17 00:00:00 2001
From: Mason Freed
Date: Sat, 30 Nov 2019 07:48:15 +0000
Subject: [Backport] CVE-2020-6413 - Inappropriate implementation in Blink
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Manual backport of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/1940722:
Fix parser mXSS sanitizer bypass for and within foreign context
Prior to this CL, the following code:
parsed to this innerHTML:
This is in contrast to this code:
which parses to
The fact that the
is left inside the