This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 26235 - <form id="test"></form><button form="test" formaction="javascript:alert(1)">X</button>
Summary: <form id="test"></form><button form="test" formaction="javascript:alert(1)">X...
Status: RESOLVED NEEDSINFO
Alias: None
Product: WHATWG
Classification: Unclassified
Component: HTML (show other bugs)
Version: unspecified
Hardware: Other other
: P3 normal
Target Milestone: Unsorted
Assignee: Ian 'Hixie' Hickson
QA Contact: contributor
URL: http://www.whatwg.org/specs/web-apps/...
Whiteboard:
Keywords:
: 26234 (view as bug list)
Depends on:
Blocks:
 
Reported: 2014-06-30 06:32 UTC by contributor
Modified: 2014-06-30 23:41 UTC (History)
2 users (show)

See Also:

Attachments

Description contributor 2014-06-30 06:32:10 UTC 
Specification: http://www.whatwg.org/specs/web-apps/current-work/multipage/association-of-controls-and-forms.html
Multipage: http://www.whatwg.org/C#form-submission-0
Complete: http://www.whatwg.org/c#form-submission-0
Referrer: http://heideri.ch/jso/

Comment:
<form id="test"></form><button form="test"
formaction="javascript:alert(1)">X</button>

Posted from: 122.227.232.154
User agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36
Comment 1 Ian 'Hixie' Hickson 2014-06-30 23:40:55 UTC 
Can you elaborate?
Comment 2 Ian 'Hixie' Hickson 2014-06-30 23:41:17 UTC 
*** Bug 26234 has been marked as a duplicate of this bug. ***