Closed Bug 13312 Opened 21 years ago Closed 20 years ago

Spoofing windows using document.write()

Categories

(Core :: DOM: Core & HTML, defect, P3)

x86
Windows 95
defect

Tracking

VERIFIED FIXED

People

(Reporter: joro, Assigned: vidur)

There is a possibility for spoofing windows in Mozilla 5.0 build 1999090408
(later builds crash at startup on my computer) using document.write().
The code is:

a=window.open("http://www.yahoo.com","a");
setTimeout("a.document.open();a.document.write('This window is spoofed');a.document.close();",20000);
Whiteboard: help wanted: whoever owns document.write (joki or vidur?)
Assignee: norris → vidur
Blocks: 12633
Component: Security → DOM Level 0
We can't ship final with this, but I think a proper fix depends on 9111.  What
if we just clear the URL bar when we do a document.open?
This is going to wait until M15, unless someone yells really loudly.  (Hint: the
loudest yelling is that which includes a patch. =) )
I think spoofing is okay for beta. I'd rather not, but we're pushing hard to get
other, more serious security problems resolved.
No longer blocks: 12633
In an attempt to get my bug list in order again, marking all the bugs I have
currently as ASSIGNED.
I consider this bug fixed. It gives a security error.
What happens now is that a second window is opened, showing yahoo in the 
location bar and in the content. Is this the expected behavior?
Mozilla behaves as expected. The bug is fixed.
I don't see any problems here any more either (I get the security warning). If
someone else disagrees, then please reopen. Marking fixed.
Status: ASSIGNED → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
Verified fixed.
Status: RESOLVED → VERIFIED
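
Added example, not part of the original bug report or Mozilla's code: a regression probe for the behaviour the comments above describe, where writing into a window that shows another site's URL must end in a security error. The function names, the fake window object and the opener origin are hypothetical, and the probe assumes the error is reported with the name SecurityError, as current browsers do.

```javascript
// Added regression probe (not Mozilla code); all function names are hypothetical.
// Returns "blocked" when a cross-origin write raises a security error (the fixed
// behaviour), "SPOOFABLE" when the write lands in a window showing a foreign URL.
function probeDocumentWrite(win, targetUrl, openerOrigin) {
  const sameOrigin = new URL(targetUrl).origin === openerOrigin;
  try {
    const doc = win.document; // a fixed build throws here for a foreign origin
    doc.open();
    doc.write("regression probe");
    doc.close();
  } catch (e) {
    if (e && e.name === "SecurityError") {
      return sameOrigin ? "unexpected-block" : "blocked";
    }
    throw e; // unrelated failure: surface it instead of reporting a pass
  }
  return sameOrigin ? "allowed-same-origin" : "SPOOFABLE";
}

// Constructed stand-in for a window handle so the probe runs outside a browser.
// enforce=true models a build with the fix, enforce=false the reported build.
function fakeWindow(contentUrl, openerOrigin, enforce) {
  const written = [];
  const doc = {
    open() { written.length = 0; },
    write(s) { written.push(s); },
    close() {},
  };
  return {
    written,
    get document() {
      if (enforce && new URL(contentUrl).origin !== openerOrigin) {
        const err = new Error("constructed: cross-origin document access denied");
        err.name = "SecurityError";
        throw err;
      }
      return doc;
    },
  };
}

// In a browser: const w = window.open(url, "a"); then, once it has loaded,
// probeDocumentWrite(w, url, location.origin).
const url = "http://www.yahoo.com/";
const tester = "http://tester.example"; // constructed opener origin
console.log(probeDocumentWrite(fakeWindow(url, tester, true), url, tester));
console.log(probeDocumentWrite(fakeWindow(url, tester, false), url, tester));
```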