Closed
Bug 1494313
Opened 6 years ago
Closed 6 years ago
CSP bypass when force open in new tab
Categories (Core :: DOM: Security, defect)
RESOLVED DUPLICATE of bug 1437009
People (Reporter: nikhil.mittal641, Unassigned)
Attachments (1 file): 261 bytes, text/plain
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36
Steps to reproduce:
1. Set up test2.php on a server
2. Move cursor to test link
3. Press Command+Click or Ctrl+Click to open in new tab
4. You will triage JavaScript code execution
Actual results:
FF executes JavaScript
Expected results:
No JavaScript execution
Updated•6 years ago
Group: firefox-core-security → dom-core-security
Component: Untriaged → DOM: Security
Product: Firefox → Core
Version: 64 Branch → unspecified
Updated•6 years ago
Attachment #9012177 - Attachment mime type: text/php → text/plain
Comment 1•6 years ago
Seems like the document inheritance here should inherit the CSP of the original document. I don't know why that doesn't happen. Christoph?
Flags: needinfo?(ckerschb)
Comment 2•6 years ago
This looks like a dupe of bug 1437009, is that right?
Comment 3•6 years ago
(In reply to Alex Gaynor [:Alex_Gaynor] from comment #2)
> This looks like a dupe of bug 1437009, is that right?
That is correct, it's a dupe of Bug 1437009. I am pretty sure that Bug 965637 will actually fix that problem as well.
Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago
Flags: needinfo?(ckerschb)
Resolution: --- → DUPLICATE
Updated•2 years ago
Group: dom-core-security