Contact emails
securit...@google.com

Specification
https://github.com/whatwg/html/issues/6235


Summary

Escape "<" and ">" in values of attributes on serialization. This mitigates the 
risk of mutation XSS attacks, which occur when the value of an attribute is 
interpreted as a start tag token after being serialized and re-parsed.



Blink component
Blink>HTML>Parser


TAG review
None


TAG review status
Not applicable


Risks




Interoperability and Compatibility

Please see https://github.com/whatwg/html/issues/6235#issuecomment-2315325422 
for an overview of potential risks. The change has been under a flag for over a 
year and as far as I'm aware, we received zero reports on any breakages. I'd 
like to try to enable this change for a certain percentage of users of Beta/Dev 
channels to find out whether it results in real world breakages.


Gecko: No signal

WebKit: No signal

Web developers: No signals

Other signals:


WebView application risks

Does this intent deprecate or change behavior of existing APIs, such that it 
has potentially high risk for Android WebView-based applications?

None




Goals for experimentation




Ongoing technical constraints

None



Debuggability




Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, 
ChromeOS, Android, and Android WebView)?
Yes


Is this feature fully tested by web-platform-tests?
Yes
If the change is made, then WPT will have to be updated to reflect it. See 
Chromium-specific test for now: 
https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/web_tests/external/wpt/html/syntax/serializing-html-fragments/serializing-expected.txt;l=1?q=third_party%2Fblink%2Fweb_tests%2Fexternal%2Fwpt%2Fhtml%2Fsyntax%2Fserializing-html-fragments%2Fserializing-expected.txt%20&sq=



Flag name on chrome://flags
enable-experimental-web-platform-features


Finch feature name
EscapeLtGtInAttributes


Requires code in //chrome?
False


Tracking bug
https://bugs.chromium.org/p/chromium/issues/detail?id=1175016


Estimated milestones

No milestones specified



Link to entry on the Chrome Platform Status
https://chromestatus.com/feature/5083926074228736


This intent message was generated by Chrome Platform Status.
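
The following is an added illustration of the Summary, not code from Blink or from this message. It compares attribute-value escaping without and with the proposed "<" / ">" escaping, and shows a check that flags serialized attributes still carrying raw angle brackets. All function names and the sample attribute values are constructed for the example.

```javascript
// Attribute-value escaping as applied during HTML fragment serialization.
// escapeLtGt = false: only "&", U+00A0 and '"' are escaped.
// escapeLtGt = true:  "<" and ">" are escaped as well (the proposed change).
function escapeAttrValue(value, escapeLtGt) {
  let out = value
    .replace(/&/g, "&amp;") // must run first so later entities are not re-escaped
    .replace(/\u00A0/g, "&nbsp;")
    .replace(/"/g, "&quot;");
  if (escapeLtGt) {
    out = out.replace(/</g, "&lt;").replace(/>/g, "&gt;");
  }
  return out;
}

// Serialize a start tag from a tag name and [name, value] pairs.
function serializeStartTag(tagName, attrs, escapeLtGt) {
  const parts = attrs.map(
    ([name, value]) => ` ${name}="${escapeAttrValue(value, escapeLtGt)}"`
  );
  return `<${tagName}${parts.join("")}>`;
}

// Decode only the references the serializer above can emit. "&amp;" is
// decoded last so that "&amp;lt;" yields the text "&lt;", not "<".
function decodeAttrValue(escaped) {
  return escaped
    .replace(/&lt;/g, "<")
    .replace(/&gt;/g, ">")
    .replace(/&quot;/g, '"')
    .replace(/&nbsp;/g, "\u00A0")
    .replace(/&amp;/g, "&");
}

// Defensive check: names of attributes whose serialized value still holds a
// raw "<" or ">". Quoted spans are unambiguous because '"' is always escaped.
function attrsWithRawAngleBrackets(serializedTag) {
  const hits = [];
  for (const m of serializedTag.matchAll(/ ([^\s="]+)="([^"]*)"/g)) {
    if (/[<>]/.test(m[2])) hits.push(m[1]);
  }
  return hits;
}

// Constructed sample input (benign markup-like text in an attribute value).
const SAMPLE_ATTRS = [["title", 'a<b>c & "d"'], ["data-note", "x\u00A0y"]];

console.log(serializeStartTag("div", SAMPLE_ATTRS, false));
console.log(serializeStartTag("div", SAMPLE_ATTRS, true));
```

Decoding the escaped value returns the original string, so the attribute's value as seen by a parser is unchanged; only the serialized text differs.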
