Quoting :curtisk from bug 769757.
> http://developer.mozilla.org/samples/domref/showModalDialogBox.html
> Vuln Code:
>
> <script>
> document.write("Modal dialog got argument: " + window.dialogArguments);
> </script>
>
> The page gets arguments using "window.dialogArguments" and writes it to the
> page without HtmlEncoding.
> fix: use escape function \ other html encoding mechanism.
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 827398
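The HTML-encoding fix suggested in the quoted report, shown beside the reported pattern, as an added example that is not part of the bug or of the sample page. `escapeHtml`, `renderUnsafe` and `renderDialogMessage` are hypothetical names, and the sample input is constructed.

```javascript
// Added example: HTML-encode the dialog argument before it reaches markup.
// All function names here are hypothetical, not from the sample page.
const HTML_ENTITIES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

function escapeHtml(value) {
  // dialogArguments may be any type (string, object, undefined),
  // so coerce to a string before replacing markup-significant characters.
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Reported pattern: the argument is concatenated into markup unencoded.
function renderUnsafe(dialogArguments) {
  return "Modal dialog got argument: " + dialogArguments;
}

// Hardened pattern: the argument is encoded, so it can only render as text.
function renderDialogMessage(dialogArguments) {
  return "Modal dialog got argument: " + escapeHtml(dialogArguments);
}

// In the page this would be used as:
//   document.write(renderDialogMessage(window.dialogArguments));
// or, avoiding HTML parsing of the value altogether:
//   element.textContent = "Modal dialog got argument: " + window.dialogArguments;

// Constructed sample input standing in for a caller-supplied argument.
const sampleArgument = "<script>alert(1)</script>";
console.log("unsafe  :", renderUnsafe(sampleArgument));
console.log("hardened:", renderDialogMessage(sampleArgument));
```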
For bugs that are resolved, we remove the security flag. These haven't had their flag removed, so I'm removing it now.