[Webkit-unassigned] [Bug 15039] New: Cross domain JavaScript injection
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Aug 21 11:12:41 PDT 2007
http://bugs.webkit.org/show_bug.cgi?id=15039
Summary: Cross domain JavaScript injection
Product: WebKit
Version: 522+ (nightly)
Platform: PC
OS/Version: All
Status: NEW
Severity: Normal
Priority: P2
Component: WebCore JavaScript
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: ian.eng.webkit at gmail.com
CC: sam at webkit.org
This has something to do with function closures.
Steps to reproduce:
1. Save 'parent.html' and 'child.html' in the same direcotry, and open
'parent.html' in Safari.
2. Click on 'Open Child Window' button, a new tab/window is opened.
3. Click on 'Goto Apple' button, and the parent window is redirected to
www.apple.com;
4. Switch to the child window, and click on the button, a dialog pops up and
show that the child window can access the parent window contents in a different
domain.
Firefox prevents the child window to access Window.alert/Window.document, etc.
--
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the webkit-unassigned
mailing list