New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 738849 link

Starred by 3 users

Issue metadata

Status: Started
Buried. Ping if important.
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Task

Blocked on:
issue 680462
issue 680970

Sign in to add a comment

Answering postcards from the post-xss world.

Project Member Reported by, Jul 3 2017

Issue description

A million years ago, lcamtuf@ wrote Slowly, we're cutting back on the viability of some of the mechanisms contained therein. Let's just track that work here.

Comment 1 by, Jul 3 2017

Blockedon: 680970 680462
Exfiltration Bits

Section 2.1: More or less addressed via blocking `\n`+`<` in subresource requests ( )

Section 2.2: Narrowed by blocking form submissions with unclosed `<textarea>` or `<select>` elements (

Section 2.3: Measuring scope of nested form elements in

Section 2.4: Probably not going to remove `<base>` entirely, but could perhaps limit its effectiveness by locking it to `<head>`.

Section 2.5: We've made this worse with the Credential Management API. Hooray.

Section 2.6: I wonder how often folks put newlines and brackets into `<input>`?

Comment 2 by, Nov 10 2017

Labels: Hotlist-EnamelAndFriendsFixIt

Comment 3 by, Feb 18 2018

Labels: -Hotlist-EnamelAndFriendsFixIt

Sign in to add a comment