Closed
Bug 13312
Opened 26 years ago
Closed 25 years ago
Spoofing windows using document.write()
Categories
(Core :: DOM: Core & HTML, defect, P3)
Tracking
()
VERIFIED
FIXED
M15
People
(Reporter: joro, Assigned: vidur)
References
()
Details
There is a possibility for spoofing windows in in Mozilla 5.0 build 1999090408
(later builds crash at startup on my computer) using document.write().
The code is:
a=window.open("http://www.yahoo.com","a");
setTimeout("a.document.open();a.document.write('This window is
spoofed');a.document.close();",20000);
|
||
Updated•26 years ago
|
Whiteboard: help wanted: whoever owns document.write (joki or vidur?)
|
|
||
Updated•26 years ago
|
Assignee: norris → vidur
Blocks: 12633
Component: Security → DOM Level 0
Whiteboard: help wanted: whoever owns document.write (joki or vidur?)
|
||
Comment 1•26 years ago
|
||
We can't ship final with this, but I think a proper fix depends on 9111. What
if we just clear the URL bar when we do a document.open?
|
|
||
Updated•26 years ago
|
Target Milestone: M15
|
|
||
Comment 2•26 years ago
|
||
This is going to wait until M15, unless someone yells really loudly. (Hint: the
loudest yelling is that which includes a patch. =) )
|
|
||
Comment 3•26 years ago
|
||
I think spoofing is okay for beta. I'd rather not, but we're pushing hard to get
other, more serious security problems resolved.
|
|
Assignee | |
Comment 4•26 years ago
|
||
In an attempt to get my bug list in order again, marking all the bugs I have
currently as ASSIGNED.
|
|
||
Comment 6•25 years ago
|
||
What happens now is that a second window is opened, showing yahoo in the
location bar and in the content. Is this the expected behavior?
|
||
Comment 8•25 years ago
|
||
I don't see any problems here any more either (I get the security warning), if
someone else disagrees then please reopen. Marking fixed.
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•