Closed
Bug 826915
Opened 12 years ago
Closed 12 years ago
Code example "showModalDialogBox" vulnerable to XSS with certain input
Categories
(developer.mozilla.org :: Security, defect)
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 827398
People
(Reporter: openjck, Unassigned)
Details
(Whiteboard: [site:developer.mozilla.org])
Quoting :curtisk from bug 769757.
> http://developer.mozilla.org/samples/domref/showModalDialogBox.html
> Vuln Code:
>
> <script>
> document.write("Modal dialog got argument: " + window.dialogArguments);
> </script>
>
> The page gets arguments using "window.dialogArguments" and writes it to the
> page without HtmlEncoding.
> fix: use escape function \ other html encoding mechanism.
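The fix suggested in the quoted report, HTML-encoding `window.dialogArguments` before it is written to the page, shown beside the reported behaviour as an added example (not the MDN sample's code and not taken from the bug). The names `escapeHtml`, `renderUnsafe`, `renderSafe`, `showInPage` and the element id `out` are assumptions made for illustration.

```javascript
// Added example. Note: the legacy global escape() percent-encodes for URLs;
// it is not an HTML encoder, so a dedicated encoder is used here.
const HTML_ENTITIES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Encode the five characters that can change the HTML parsing context in
// element content or in quoted attribute values.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Behaviour of the sample as reported: the argument is concatenated unencoded.
function renderUnsafe(dialogArguments) {
  return "Modal dialog got argument: " + dialogArguments;
}

// Hardened form: same message, argument encoded before concatenation.
function renderSafe(dialogArguments) {
  return "Modal dialog got argument: " + escapeHtml(dialogArguments);
}

// In a browser, avoid building markup at all: textContent never parses HTML.
// The element id "out" is hypothetical.
function showInPage(dialogArguments) {
  const out = document.getElementById("out");
  out.textContent = "Modal dialog got argument: " + dialogArguments;
}

// Constructed sample input containing markup characters.
const sample = '<b title="x">bold & \'quoted\'</b>';
console.log(renderUnsafe(sample)); // markup would reach the parser as-is
console.log(renderSafe(sample));   // markup is displayed as text
```

Entity encoding of this kind is only correct for element content and quoted attribute values; values placed in URLs, script blocks or CSS need context-specific encoding.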
Updated•12 years ago
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → DUPLICATE
Updated•12 years ago
Whiteboard: [site:developer.mozilla.org]
Comment 2•9 years ago
For bugs that are resolved, we remove the security flag. These haven't had their flag removed, so I'm removing it now.
Group: websites-security