[Webkit-unassigned] [Bug 15313] Same-origin check wrong when document.domain set

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Sep 28 19:35:38 PDT 2007


------- Comment #8 from mjs at apple.com  2007-09-28 19:35 PDT -------
I believe Firefox does ignore the port, but not the protocol, when both
documents set document.domain. We added ignoring the port deliberately to match

I don't understand the exploit scenario. How do you "inject script" unless you
already have access to example.com, in which case an XSS exploit has already

I also don't see how #2 from the original description applies. document.domain
can only be set to either the true domain or a suffix of the true domain. For
example, www.foo.com can set document.domain to foo.com, but not to bar.com.
How is it exploitable to still let it access documents where the true domain
(from the URL) is www.foo.com?

Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the webkit-unassigned mailing list