<svg> tag allows <script> to execute when formatted incorrectly, also blocks some legal code.

Confirmed Issue #4769983 • Assigned to Kevin B.

Details

Created
Sep 29, 2015
Privacy
This issue is public.
Reports
Reported by 0 people

Steps to reproduce

URL:

Repro Steps:

  1. Create an HTML file containing the following content:
    <svg><script>prompt(1)<p>
  2. Load the page in Internet Explorer, see that the prompt function executes. It does not execute in other browsers.
  3. Create an HTML file containing the following content:
    <svg>
    <script>
    p=2;prompt(1);x=3<p ; y=2>4;prompt(2)
  4. Load the page in Internet Explorer, note that prompt(1) executes, prompt(2) does not.

Expected Results:

Parsing of a <script> tag in HTML is carried out up until exactly the next </script> tag. It should do so in an svg tag also, for principle of least surprise.

Actual Results:

Dev Channel specific:

No

Attachments

0 attachments
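
Added example (not part of the original report or of any Microsoft code): a check a sanitizer test suite could run to flag the pattern in the repro steps, a <script> opened inside <svg> that never reaches </script>. The function name and result fields are hypothetical, and the scan is a simplified regex pass, not a full HTML tokenizer.

```javascript
// Applies the rule from "Expected Results": a script body runs up to the next
// </script>. A script inside <svg> with no such terminator is reported, with
// the offset of the first tag-like "<x" in its body.
function findUnterminatedSvgScripts(markup) {
  const lower = markup.toLowerCase();
  const findings = [];
  const scriptOpen = /<script[\s>\/]/g;
  let m;
  while ((m = scriptOpen.exec(lower)) !== null) {
    const at = m.index;
    // Inside SVG if the nearest preceding <svg is later than the nearest </svg.
    const inSvg = lower.lastIndexOf('<svg', at) > lower.lastIndexOf('</svg', at);
    if (!inSvg) continue;
    const tagEnd = lower.indexOf('>', at);
    if (tagEnd === -1) break;
    const bodyStart = tagEnd + 1;
    const close = lower.indexOf('</script', bodyStart);
    if (close !== -1) { scriptOpen.lastIndex = close; continue; } // terminated
    const body = markup.slice(bodyStart);
    const tagLike = body.search(/<[a-z]/i);
    findings.push({
      scriptOffset: at,
      tagLikeOffset: tagLike === -1 ? -1 : bodyStart + tagLike,
      // In the report's second case this text holds prompt(1) but not prompt(2).
      textBeforeTag: tagLike === -1 ? body : body.slice(0, tagLike),
    });
    break; // unterminated: the rest of the input belongs to this script
  }
  return findings;
}

// Inputs: the two snippets from the repro steps, plus constructed controls.
const SAMPLES = [
  '<svg><script>prompt(1)<p>',
  '<svg>\n<script>\np=2;prompt(1);x=3<p ; y=2>4;prompt(2)',
  '<svg><script>prompt(1)</script></svg>', // constructed: properly closed
  '<script>prompt(1)<p>',                  // constructed: not inside <svg>
];
for (const s of SAMPLES) {
  console.log(JSON.stringify(s), '->', JSON.stringify(findUnterminatedSvgScripts(s)));
}
```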

    Comments and activity

    • Microsoft Edge Team

      Changed Assigned To to “Sermet I.”

      Changed Assigned To to “Rossen A.”

      Changed Assigned To from “Rossen A.” to “Bogdan B.”

      Changed Assigned To from “Bogdan B.” to “Kevin B.”

      Changed Status to “Confirmed”

      Changed Assigned To from “Kevin B.” to “James M.”

      Changed Assigned To from “James M.” to “Kevin B.”