Closed Bug 826915 Opened 12 years ago Closed 12 years ago

Code example "showModalDialogBox" vulnerable to XSS with certain input

Tracking

(Not tracked)

Status:

RESOLVED DUPLICATE of bug 827398

People

(Reporter: openjck, Unassigned)

Details

(Whiteboard: [site:developer.mozilla.org])

John Karahalis [:openjck]

Reporter

Description

•

12 years ago

Quoting :curtisk from bug 769757.

> http://developer.mozilla.org/samples/domref/showModalDialogBox.html
> Vuln Code:
>
> <script>
> document.write("Modal dialog got argument: " + window.dialogArguments);
> </script>
>
> The page get arguments using "window.dialogArguments" and write it to the
> Page without HtmlEncoding.
> fix: use escape function \ other html encoding mechanism.

Luke Crouch [:groovecoder]

Updated

•

12 years ago

Status: NEW → RESOLVED

Closed: 12 years ago

Resolution: --- → DUPLICATE

Stefan Arentz | :st3fan | ⏰ EST | he/him

Updated

•

11 years ago

Whiteboard: [site:developer.mozilla.org]

Will Kahn-Greene [:willkg] ET needinfo? me

Comment 2

•

8 years ago

For bugs that are resolved, we remove the security flag. These haven't had their flag removed, so I'm removing it now.

Group: websites-security

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

Code example "showModalDialogBox" vulnerable to XSS with certain input

Categories

(developer.mozilla.org :: Security, defect)

Tracking

(Not tracked)

People

(Reporter: openjck, Unassigned)

References

Details

(Whiteboard: [site:developer.mozilla.org])

Crash Data

Security

(public)

User Story

Description

Updated

Updated

Comment 2