Can you spot the bug? https://github.com/WebKit/webkit/blob/e8d20436277647d92cc240998ca621cd8f105dbe/Source/WebCore/html/HTMLFormElement.cpp#L364 (CVE-2017-2362)
Replying to @ifsecure
reentrancy issue <body onload=x.reset(isInResetFunction=1)> <form id=x onreset=if(isInResetFunction)x.reset(isInResetFunction=0)>?
1 reply 0 retweets 2 likes
Replying to @berendjanwever
See https://bugs.chromium.org/p/project-zero/issues/detail?id=1044. I don't think there's a problem with isInResetFunction but I'd be happy to be proven wrong :-)
1 reply 0 retweets 1 like
Replying to @ifsecure
Doh! Overlooked "if (m_isInResetFunction || !frame)" at the top. Thought I could get it to loop with m_isInResetFunction == false.
8:35 AM - 31 Jan 2017
0 replies 0 retweets 1 like
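The re-entrancy idea from the thread, written out as an added example that is not WebKit's code and does not reproduce CVE-2017-2362: a minimal form model whose reset() is guarded by a flag like m_isInResetFunction, with an onreset handler that tries to call reset() again while the first call is still on the stack. The names Control, Form, onreset, bodyRuns and guardedCalls are assumptions made for the illustration; the snapshot iteration is a general defensive pattern, not a statement about what WebKit does.

```cpp
#include <functional>
#include <memory>
#include <vector>

// A form control that records how many times it was reset.
struct Control {
    int resetCount = 0;
    void reset() { ++resetCount; }
};

// Minimal model of a form element whose reset() is guarded by a
// "currently resetting" flag, like m_isInResetFunction in WebKit's
// HTMLFormElement::reset(). The structure is an assumption for illustration.
class Form {
public:
    std::vector<std::shared_ptr<Control>> controls;
    // Stands in for the script 'onreset' handler, which runs during reset().
    std::function<void(Form&)> onreset;
    int bodyRuns = 0;       // how often reset() got past the guard
    int guardedCalls = 0;   // how often the guard bounced a re-entrant call

    void reset() {
        if (m_isInResetFunction) {   // the early return the thread discusses
            ++guardedCalls;
            return;
        }
        m_isInResetFunction = true;
        ++bodyRuns;

        if (onreset)
            onreset(*this);  // script runs here and may call reset() again

        // Iterate over a snapshot: the flag stops re-entry into reset(), but
        // it does not stop the handler above from mutating `controls`, and a
        // range-for over a vector that a callback has modified is invalid.
        auto snapshot = controls;
        for (auto& control : snapshot)
            control->reset();

        m_isInResetFunction = false;
    }

private:
    bool m_isInResetFunction = false;
};

// Scenario 1: the re-entrant attempt from the thread. The handler calls
// reset() again while the first reset() is still on the stack; the guard
// bounces it, so the body runs once and each control is reset once.
Form reentrantReset() {
    Form form;
    form.controls.push_back(std::make_shared<Control>());
    form.controls.push_back(std::make_shared<Control>());
    form.onreset = [](Form& f) { f.reset(); };  // the nested x.reset()
    form.reset();
    return form;
}

// Scenario 2: the handler does not recurse but removes a control while the
// form is mid-reset. The guard flag does nothing for this case; iterating
// over the snapshot (which keeps the erased control alive) is what keeps
// the loop well-defined.
Form mutatingReset() {
    Form form;
    form.controls.push_back(std::make_shared<Control>());
    form.controls.push_back(std::make_shared<Control>());
    form.onreset = [](Form& f) { f.controls.erase(f.controls.begin()); };
    form.reset();
    return form;
}
```

In scenario 1 the nested call is counted by guardedCalls but never runs the body, which is the behaviour the last tweet concedes; the script-side isInResetFunction variable in the original snippet has no effect on the native flag. Scenario 2 only shows that a flag of this kind answers the recursion question and nothing else.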