Closed
Bug 249360
Opened 20 years ago
Closed 20 years ago
No way to stop malicious javascript
Categories
(Core :: DOM: Core & HTML, defect)
Core
DOM: Core & HTML
Tracking
()
People
(Reporter: relf, Unassigned)
Details
Attachments
(1 file)
302 bytes,
text/html
|
Details |
Linux build 2004062507 To reproduce: 1. Open the provided testcase 2. There is no way to stop malicious javascript The only way to stop it, is to kill mozilla-bin application Expected results: There should be a way to interrupt javascript execution without killing Mozilla.
Reporter | ||
Comment 1•20 years ago
|
||
Reporter | ||
Updated•20 years ago
|
Summary: No protection from malicious javascript → No way to stop malicious javascript
Assignee: general → general
Component: JavaScript Engine → DOM: Level 0
QA Contact: pschwartau → ian
Whiteboard: DUPEME
steps: 1. open a second window 2. load your link in the first window 3. select the second window 4. tools>web development>javascript debugger 5. select the windows view 6. select the first window 7. select the evil page 8. double click 9. set a breakpoint on the first while(true) line 10. click ok in the stupid dialog 11. in venkman evaluate: alert=funciton die(){throw 'stop that'} 12. click the green continue button. -done- what these steps mean: the summary is wrong.
Hi, Netscape Communicator 4.79 Internet Explorer 5.01 anmd 5.5 Other Mozilla versions and Opera 7.51 paid version do the same. I think that it is a thing of all browsers.
Comment 4•20 years ago
|
||
If you wait long enough, a dialog asking whether to stop the script or let it continue should come up. /be
Reporter | ||
Comment 5•20 years ago
|
||
> steps:
> 1. open a second window
> 2. load your link in the first window
Nice ;)
But what if only one window was opened, and the script run there?
It will block openning a second window.
Reporter | ||
Comment 6•20 years ago
|
||
Brendan, is there a way to force termination of the script not "waiting long enough" ? I'd prefer to have, say, a checkbox like [ ] Terminate this javascript right on the annoying dialog.
Comment 7•20 years ago
|
||
relf- You probably want bug bug 61098. This is a different DOS attack than the script blocker is designed for. There is no runaway script, it is patiently waiting for the user's input. Past dupes of this (such as bug 66097) went to bug 61098. bug 59314 and bug 60150 may be other approaches to tackle the problem.
Comment 8•20 years ago
|
||
*** This bug has been marked as a duplicate of 61098 ***
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
Updated•20 years ago
|
Status: RESOLVED → VERIFIED
Whiteboard: DUPEME
You need to log in
before you can comment on or make changes to this bug.
Description
•