[Webkit-unassigned] [Bug 15039] New: Cross domain JavaScript injection

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Aug 21 11:12:41 PDT 2007


           Summary: Cross domain JavaScript injection
           Product: WebKit
           Version: 522+ (nightly)
          Platform: PC
        OS/Version: All
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebCore JavaScript
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: ian.eng.webkit at gmail.com
                CC: sam at webkit.org

This has something to do with function closures. 

Steps to reproduce:
1. Save 'parent.html' and 'child.html' in the same direcotry, and open
'parent.html' in Safari.
2. Click on 'Open Child Window' button, a new tab/window is opened.
3. Click on 'Goto Apple' button, and the parent window is redirected to
4. Switch to the child window, and click on the button, a dialog pops up and
show that the child window can access the parent window contents in a different

Firefox prevents the child window to access Window.alert/Window.document, etc.

Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the webkit-unassigned mailing list