Resources whose URLs contain raw newline characters.

As discussed in the blink-dev thread (!msg/blink-dev/rOs6YRyBEpw/D3pzVwGJAgAJ), some forms of dangling markup attacks rely upon injecting an unclosed attribute that sucks up portions of a page and exfiltrates them to an external endpoint (e.g. `<img src='` eats the page until the next `'`). This is possible because the URL parser helpfully discards newline characters. It would be lovely if we could make the parser less helpful.
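The parser behaviour described above, as an added example (not Chromium's code): it shows that the newline is gone once the WHATWG `URL` parser has run, so a check has to look at the raw attribute value. The hosts, sample values and the helper names `hasRawNewline`, `parsedHref` and `audit` are constructed for illustration, and treating CR and LF as the "newline characters" is an assumption.

```javascript
// Added example. Names, hosts and sample values are constructed.
const BASE = "https://site.example/account";

// Raw attribute value as the HTML tokenizer would produce it when an injected
// `<img src='` stays open until the next `'` further down the page.
const DANGLING =
  "https://external.example/log?\n<p>order 4711</p>\n<input name=";

// Policy check on the raw string, before URL parsing (assumption: CR and LF
// are the "newline characters" in question).
function hasRawNewline(raw) {
  return /[\r\n]/.test(raw);
}

// What the WHATWG URL parser makes of the same value: tab, CR and LF are
// removed silently, the rest is percent-encoded into a valid URL.
function parsedHref(raw, base = BASE) {
  return new URL(raw, base).href;
}

// Hypothetical audit helper: split raw attribute values into allowed and
// blocked, deciding on the raw value because the parsed one hides the newline.
function audit(rawValues) {
  const report = { allowed: [], blocked: [] };
  for (const raw of rawValues) {
    (hasRawNewline(raw) ? report.blocked : report.allowed).push(raw);
  }
  return report;
}

const report = audit([DANGLING, "/static/logo.png", "https://cdn.example/a.js"]);
console.log("parsed:", parsedHref(DANGLING));
console.log("newline visible after parsing:", hasRawNewline(parsedHref(DANGLING)));
console.log("blocked:", report.blocked.length, "allowed:", report.allowed.length);
```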


Editor's draft

Status in Chromium

Proposed (launch bug)

Consensus & Standardization

  • No public signals
  • No public signals
  • No public signals
  • No signals


Last updated on 2017-03-28