[Webkit-unassigned] [Bug 15313] Same-origin check wrong when document.domain set

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Sep 28 19:35:38 PDT 2007


http://bugs.webkit.org/show_bug.cgi?id=15313
------- Comment #8 from mjs at apple.com  2007-09-28 19:35 PDT -------
I believe Firefox does ignore the port, but not the protocol, when both
documents set document.domain. We added ignoring the port deliberately to match
them. 

I don't understand the exploit scenario. How do you "inject script" unless you
already have access to example.com, in which case an XSS exploit has already
occurred?

I also don't see how #2 from the original description applies. document.domain
can only be set to either the true domain or a suffix of the true domain. For
example, www.foo.com can set document.domain to foo.com, but not to bar.com.
How is it exploitable to still let it access documents where the true domain
(from the URL) is www.foo.com?


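The access rule described in the comment (protocol must match, port ignored only when both documents have set document.domain, and document.domain settable only to the true host or one of its suffixes) can be modelled in a few lines. The following is an added illustration, not WebKit's code or anything from the bug; the `Doc` class, `setDomain` and `canAccess` names, and the sample URLs are all constructed for the example.

```javascript
// Model of the same-origin check with document.domain relaxation, as
// described in comment #8. Added example; not WebKit's implementation.
// Uses the WHATWG URL class (global in Node.js and browsers).

class Doc {
  constructor(url) {
    this.url = new URL(url);          // the document's true URL
    this.domain = this.url.hostname;  // effective domain starts as the host
    this.domainSet = false;           // has the script assigned document.domain?
  }

  // document.domain may only be set to the true host or a suffix of it
  // at a label boundary (www.foo.com -> foo.com is fine, bar.com is not).
  // Browsers throw a SecurityError here; we return false instead.
  // (Real browsers also refuse bare public suffixes such as "com";
  // that extra check is not modelled.)
  setDomain(value) {
    const host = this.url.hostname;
    if (value === host || host.endsWith('.' + value)) {
      this.domain = value;
      this.domainSet = true;
      return true;
    }
    return false;
  }
}

// Can script in document a touch the DOM of document b?
function canAccess(a, b) {
  // The protocol is never ignored, even after document.domain is set.
  if (a.url.protocol !== b.url.protocol) return false;

  // When BOTH sides set document.domain, compare the effective domains
  // and ignore the port, matching the behaviour the comment describes.
  if (a.domainSet && b.domainSet) return a.domain === b.domain;

  // Otherwise the strict origin rule applies: host and port must match
  // (URL.port is '' for the scheme's default port, so :80 and no port agree).
  return a.url.hostname === b.url.hostname && a.url.port === b.url.port;
}

// Constructed scenario: a sub-host on a non-default port relaxes to foo.com.
function demo() {
  const app = new Doc('http://www.foo.com:8080/app');
  const root = new Doc('http://foo.com/');
  const before = canAccess(app, root);           // false: different hosts
  app.setDomain('foo.com');
  root.setDomain('foo.com');
  const after = canAccess(app, root);            // true: port ignored now
  const tls = new Doc('https://www.foo.com/');
  tls.setDomain('foo.com');
  const crossScheme = canAccess(app, tls);       // false: protocol differs
  return { before, after, crossScheme };
}
```

`demo()` walks through the three cases the comment raises: no access before relaxation, access across ports once both sides set document.domain, and no access across http/https regardless.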