Webkit suffers from a universal cross site scripting vulnerability in ContainerNode::parserInsertBefore.
be606c86922521529e8c279978b2f631 WebKit: UXSS via ContainerNode::parserInsertBefore
CVE-2017-2508
This is a regression test from <a href="/p/chromium/issues/detail?id=519558" title="Security: Universal XSS via ContainerNode::parserInsertBefore" class="closed_ref" rel="nofollow"> https://crbug.com/519558 </a>.
The PoC works well in the latest nightly build of WebKit.
This bug is subject to a 90 day disclosure deadline. After 90 days elapse
or a patch has been made broadly available, the bug report will become
visible to the public.
Found by: lokihardt