Closed Bug 1420032 Opened 4 years ago Closed 4 years ago
.cookie DOM property can be clobbered using DOM node named cookie
Safari, Chrome and Firefox all behave the same here, and this is publicly documented and specced ( https://html.spec.whatwg.org/multipage/dom.html#dom-document-namedItem-which , http://jibbering.com/faq/names/ , https://kangax.github.io/domlint/ etc. ). "Confusion" is also not really a security issue without further explanation, so I'm unhiding this issue. It seems Edge doesn't overwrite document.cookie, or, for that matter, any other things like document.getElementById. I think that would be sensible, but I would imagine that you'd need to raise a spec issue - I don't see anything in the spec that determines how these conflicts are resolved (or not), but that's probably me not looking in the right place...
Component: Untriaged → DOM: Core & HTML
Product: Firefox → Core
Hi Amy, is this at your wheelhouse that you could confirm the existing expected behavior?
This is as speced, see https://heycam.github.io/webidl/#LegacyPlatformObjectGetOwnProperty and https://heycam.github.io/webidl/#dfn-named-property-visibility (HTMLDocument is marked OverrideBuiltins).
Overrides are confusing but this is by design so INVALID.
Status: UNCONFIRMED → RESOLVED
Closed: 4 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.