Closed Bug 298020 Opened 20 years ago Closed 20 years ago

popup s with bad coded javascript are not blocked

Categories

(Firefox :: Security, defect)

Product:
Firefox
Component:
Security
Platform:
x86
Windows 2000
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 282931

People

(Reporter: jimmy.witherspoon, Unassigned)

References

(
URL
)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4

Popups using "bad" javascript are not blocked.  The following script will not be
blocked (notice the formatting of SCRIPT)
document.write('<scr'+'ipt language=javascript
src="http://SPAMalot.com/run_some_script_that_has_popups.js+((new
Date()).getTime() % 2147483648) + Math.random()+'"></scr'+'ipt>');

Reproducible: Always

Steps to Reproduce:
place the following code into a page

Actual Results:  
popup windows

Expected Results:  
detected the '<scr'+'ipt tags and kill them
i'm not sure what you are talking about, but it looks like nonsense

INVA ?
Please attach a testcase showing this issue by uplading it via this link:
https://bugzilla.mozilla.org/attachment.cgi?bugid=298020&action=enter
See bug 295616, bug 286615 and bug 265186 -> Duplicate of Core bug 282931?
Also see bug 282382.

*** This bug has been marked as a duplicate of 282931 ***
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.