slot-content-visibility-20-crash.html (660B)
<!DOCTYPE html>
<link rel=author href="mailto:jarhar@chromium.org">
<link rel=help href="https://bugs.chromium.org/p/chromium/issues/detail?id=1268837">

<style>
/* Layout preconditions for the reproduction. These rules are part of the
   test input, not presentation: keep the values exactly as written. */
summary {
  /* Negative left margin, 1px on the other three sides. */
  margin: 1px 1px 1px -1px;
}
* {
  /* Caps the height of every element in the document at zero. */
  max-height: 0vh;
}
</style>

<script>
// Crash regression test for the Chromium issue linked in rel=help above.
// The "-crash" file name suffix marks it as a crash test: there are no
// assertions, and the page is expected to load and run this handler without
// the renderer crashing (presumably the harness checks only that; confirm).
//
// NOTE(review): the function name and the hard-coded coordinates suggest the
// sequence came from a fuzzer and was minimised by hand. Do not reorder,
// merge or "modernise" the calls; the exact order of DOM mutations is the
// regression being pinned.
function jsfuzzer() {
  // Moves the existing details element out of the li and makes it the last
  // child of the root element (appendChild relocates a node that is already
  // in the document).
  document.documentElement.appendChild(document.querySelector('details'));
  // Selects the whole document. execCommand is a legacy API and is used
  // here deliberately as part of the reproduction.
  document.execCommand("selectAll");
  // Replaces the li's div child with the q element. At this point q still
  // lives inside the relocated details, so this call also pulls q out of
  // details and back under the li.
  document.querySelector('li').replaceChild(
    document.querySelector('q'),
    document.querySelector('div'));
  // Non-standard point-to-range lookup; the return value is discarded.
  // Presumably it is here to force layout and hit testing on the mutated
  // tree. The coordinates have no visible meaning beyond being a point in
  // the viewport.
  document.caretRangeFromPoint(127,487);
}
</script>

<body onload=jsfuzzer()>

<li>
  <div></div>
  <details>
    <summary></summary>
    <q></q>
  </details>
</li>