24908 – <form id="test"></form><button form="test" formaction="javascript:alert(1)">X</button>

This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 24908 - <form id="test"></form><button form="test" formaction="javascript:alert(1)">X</button>

Summary: <form id="test"></form><button form="test" formaction="javascript:alert(1)">X...

Status:	RESOLVED NEEDSINFO

Alias:	None

Product:	WHATWG
Classification:	Unclassified
Component:	HTML (show other bugs)
Version:	unspecified
Hardware:	Other other

Importance:	P3 normal
Target Milestone:	Unsorted
Assignee:	Ian 'Hixie' Hickson
QA Contact:	contributor

URL:	http://www.whatwg.org/specs/web-apps/...
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2014-03-04 08:58 UTC by contributor
Modified:	2014-03-05 23:32 UTC (History)
CC List:	2 users (show)

See Also:

Attachments

Description contributor 2014-03-04 08:58:04 UTC

Specification: http://www.whatwg.org/specs/web-apps/current-work/multipage/association-of-controls-and-forms.html
Multipage: http://www.whatwg.org/C#form-submission-0
Complete: http://www.whatwg.org/c#form-submission-0
Referrer: http://html5sec.org/

Comment:
<form id="test"></form><button form="test"
formaction="javascript:alert(1)">X</button>

Posted from: 183.234.59.89
User agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1613.0 Safari/537.36

Comment 1 Ian 'Hixie' Hickson 2014-03-05 23:32:59 UTC

What about it?