Steps to reproduce
With the newest update to Microsoft Edge 42.17134.1.0, i noted a strange behaviour with a simple webform
If the text in a textarea containes a link and the form ist submitted, in Edge, the “href” of the link is changed to “hr#f”
Comments and activity
Code of the site should be an issue (just simple html + php):
This is a Test containing a link. The Link doesn’t work aufter the post.
sorry… here ist the code:
This ist a test with a link. The [link](%e2%80%99https%3a//www.google.com%e2%80%99) doesn't work after the post.
"; } ?>
Sorry, I’m not able to post my code (which is perfectly ok), so I uploaded a screenshot of my simple example “code.jpg”
The example works with all other Browser including previous Edge Versions.
Hi, I have the same issue… do you have some news about it?
Same problem here!
No, unfortunately not. Before posting here we have tried to contact the Microsoft support here, lost about half an hour on phone before they said we should post the issue here.
For all that like to check it out: we have made a test page here:
Hi guys,I have solved it setting the header XSS
- Microsoft Edge Team
Changed Assigned To to “James M.”
Changed Steps to Reproduce
Changed Assigned To to “Mohamed S.”
Changed Assigned To to “Amit J.”
Changed Assigned To to “Arvind M.”
Changed Assigned To from “Arvind M.” to “Rajat J.”
Changed Status to “Confirmed”
Changed Title from “href is changed into hr#f after submitting a form by post” to “XSS Filter neuters SameOrigin POST in Edge only”
Changed Status from “Confirmed” to “In code review”
Changed Status from “In code review” to “Fixed”