[Webkit-unassigned] [Bug 15039] Cross domain JavaScript injection
bugzilla-daemon at webkit.org
Wed Aug 22 11:20:38 PDT 2007
http://bugs.webkit.org/show_bug.cgi?id=15039
------- Comment #8 from ian.eng.webkit at gmail.com 2007-08-22 11:20 PDT -------
Two issues I found:
1. Wrong execution context in EventListener::handleEvent. It should be the frame firing events. (Is it the same as the owner frame of the event target?) This is pretty easy to fix, I think. JSAbstractEventListener::handleEvent should use the current ExecState to run the handler function.
2. When navigating to a new URL, the new JS environment has the same built-in objects & prototypes as the old one.
Both would allow cross-domain script injection.