Bug 826915: Code example "showModalDialogBox" vulnerable to XSS with certain input
Opened 12 years ago
Closed 12 years ago
Categories: developer.mozilla.org :: Security, defect
Tracking: Not tracked
Status: RESOLVED DUPLICATE of bug 827398
People: Reporter: openjck, Unassigned
Details: Whiteboard: [site:developer.mozilla.org]
Quoting :curtisk from bug 769757.

> http://developer.mozilla.org/samples/domref/showModalDialogBox.html
> Vuln Code:
>
> <script>
> document.write("Modal dialog got argument: " + window.dialogArguments);
> </script>
>
> The page gets arguments using "window.dialogArguments" and writes it to the
> page without HtmlEncoding.
> fix: use escape function \ other html encoding mechanism.
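
The HTML-encoding fix suggested in the quoted report, as an added example that is not part of the original bug or the MDN sample. The function names and the sample argument are assumptions made for illustration; the sink is rebuilt as pure functions so the output string can be inspected outside a browser.

```javascript
// Added example. In the sample page the returned string would be handed to
// document.write(); here it is returned so it can be inspected.

const PREFIX = "Modal dialog got argument: ";

// Behaviour of the reported sample: the argument is concatenated unencoded.
function renderVulnerable(dialogArguments) {
  return PREFIX + dialogArguments;
}

// Encode the five characters that are significant in HTML text and quoted
// attribute values. "&" is replaced first so the entities produced by the
// later replacements are not encoded a second time.
function escapeHtml(value) {
  // window.dialogArguments can be any type (object, array, undefined),
  // so coerce to a string before encoding.
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

function renderEncoded(dialogArguments) {
  return PREFIX + escapeHtml(dialogArguments);
}

// Constructed sample input: a caller-supplied argument that contains markup.
const sample = '<img src=x onerror="alert(1)">';

console.log(renderVulnerable(sample)); // markup reaches the HTML parser intact
console.log(renderEncoded(sample));    // same characters, rendered as inert text

// The built-in escape() percent-encodes; it is not an HTML encoder, and the
// user would see "%3Cimg%20..." instead of the original text.
console.log(escape(sample));
```

In a browser, creating a text node or assigning the value to `textContent` achieves the same result without a hand-written encoder.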
Updated•12 years ago
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → DUPLICATE
Updated•11 years ago
Whiteboard: [site:developer.mozilla.org]
Comment 2•8 years ago
For bugs that are resolved, we remove the security flag. These haven't had their flag removed, so I'm removing it now.
Group: websites-security