New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 786665 link

Starred by 1 user
Status: Archived
Owner: ----
Closed: Nov 16
Cc:
bsittler@chromium.org
js...@chromium.org
jsb...@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Feature



Sign in to add a comment

ISO-2022-JP codec should be deprecated and removed from Chrome

Project Member Reported by bsittler@chromium.org, Nov 18 2017 
Chrome Version: (copy from chrome://version)
OS: (e.g. Win7, OSX 10.9.5, etc...)

What steps will reproduce the problem?
(1) visit

data:text/html;charset=ISO-2022-JP,<title> %1b(I </title><body>hi?%1b(B<%1b(B/title>like UTF-<%1b(Bscript>document.write(8-1);document.title=document.body.innerText=document.characterSet+': '+document.body.innerText<%1b(B/script> but still a thing

a.k.a.

data:text/html;charset%3DISO-2022-JP,%3Ctitle%3E%20%1B%28I%20%3C/title%3E%3Cbody%3Ehi%3F%1B%28B%3C%1B%28B/title%3Elike%20UTF-%3C%1B%28Bscript%3Edocument.write%288-1%29%3Bdocument.title%3Ddocument.body.innerText%3Ddocument.characterSet+%27%3A%20%27+document.body.innerText%3C%1B%28B/script%3E%20but%20still%20a%20thing

(2) in another tab, visit

data:text/html;charset=UTF-8,<body onload=document.forms[0].submit()><form accept-charset="ISO-2022-JP" action="data:;charset=UTF-8," target=output><input name=q value="爰残厦乘堊駄笛專纈鷸⑬"></form><iframe name=output></iframe>

a.k.a.

data:text/html;charset=UTF-8,%3Cbody%20onload%3Ddocument.forms%5B0%5D.submit()%3E%3Cform%20accept-charset%3D%22ISO-2022-JP%22%20action%3D%22data%3A%3Bcharset%3DUTF-8%2C%22%20target%3Doutput%3E%3Cinput%20name%3Dq%20value%3D%22%E7%88%B0%E6%AE%8B%E5%8E%A6%E4%B9%98%E5%A0%8A%E9%A7%84%E7%AC%9B%E5%B0%88%E7%BA%88%E9%B7%B8%E2%91%AC%22%3E%3C%2Fform%3E%3Ciframe%20name%3Doutput%3E%3C%2Fiframe%3E

What is the expected result?

1) in the document

hi?(B<(B/title>like UTF-<(Bscript>document.write(8-1);document.title=document.body.innerText=document.characterSet+': '+document.body.innerText<(B/script> but still a thing

2) in the iframe:

?q=爰残厦乘堊駄笛專纈鷸⑬

What happens instead?

1) in the document:

ISO-2022-JP: like UTF-7 but still a thing

2) in the iframe:

?q=$B`);DROP+TABLE+Users;--(B

Please use labels and text to provide additional information.

Due to overloaded interpretation of syntax-critical bytes in the 7-bit (ASCII) range, the ISO-2022-JP character encoding should be dropped. It presents risks in both the encoding and decoding directions due to the likelihood of bypassing security checks and sanitization performed in the Unicode domain.

For graphics-related bugs, please copy/paste the contents of the about:gpu
page at the end of this report.

Comment 1 by bsittler@chromium.org, Nov 18 2017

Description: Show this description

Comment 2 by bsittler@chromium.org, Nov 18 2017

Summary: ISO-2022-JP codec should be deprecated and removed from Chrome (was: ISO-2022-JP decoder should be deprecated and removed from Chrome)

Comment 3 by bsittler@chromium.org, Nov 18 2017

Description: Show this description

Comment 4 by bsittler@chromium.org, Nov 18 2017 

Note that 爰残厦乘堊駄笛專纈鷸⑬ was chosen entirely for its encoded value when misinterpreted as an ASCII byte sequence and AFAIK is a nonsensical sequence in all languages using those characters.

Comment 5 by bsittler@chromium.org, Nov 18 2017

Cc: bsittler@chromium.org

Comment 6 by bsittler@chromium.org, Nov 18 2017

Labels: -Type-Bug-Security Type-Feature

Comment 7 by bsittler@chromium.org, Nov 18 2017

Description: Show this description

Comment 8 by jsb...@chromium.org, Nov 27 2017

Status: Available (was: Untriaged)
Moving to "Available" just to get it off the triage radar.

Comment 9 by jsb...@chromium.org, Nov 16

Status: Archived (was: Available)
Might happen eventually, but no activity here.

Sign in to add a comment