Closed Bug 307050 Opened 19 years ago Closed 19 years ago

JS execution in context of current domain

Categories

(Firefox :: General, defect)

x86
Windows XP
defect
Not set
normal

Tracking

RESOLVED INVALID

People

(Reporter: zarco.zwier, Unassigned)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20050903 Firefox/1.6a1
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20050903 Firefox/1.6a1

When a JS URL is entered in the location bar, it's executed in the context of
the current domain.
It seems that this only works for manually entered JS URLs.

Reproducible: Always

Steps to Reproduce:
1. Go to: http://www.google.nl
2. Go to: javascript:alert(document.cookie)


Actual Results:  
The cookie is displayed

Expected Results:  
The cookie should not be read

This behavior is intentional and shared by other major browsers. It also leads
to useful features like "bookmarklets".
Group: security
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → INVALID