[Webkit-unassigned] [Bug 20988] New: Cross-frame scripting error from Web Inspector code
bugzilla-daemon at webkit.org
Mon Sep 22 02:35:49 PDT 2008
https://bugs.webkit.org/show_bug.cgi?id=20988
Summary: Cross-frame scripting error from Web Inspector code
Product: WebKit
Version: 528+ (Nightly build)
Platform: Macintosh
OS/Version: Mac OS X 10.5
Status: NEW
Severity: Normal
Priority: P2
Component: Web Inspector
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: ap at webkit.org

If a subframe navigates to a new security origin, Web Inspector hits XSS
security checks. To reproduce, put the attached test case into
LayoutTests/http/tests, start Apache with run-webkit-httpd, and open the test
as http://127.0.0.1:8000/main.html.

If the Inspector is open while running the test, I'm getting 5 error messages.
If it is opened after the test finishes, I'm getting two (but they are
generated when opening Inspector, not earlier).

Tested with r36712 nightly and with a local debug build.

#0 0x0392f160 in WebCore::JSDOMWindowBase::crossDomainAccessErrorMessage at JSDOMWindowBase.cpp:793
#1 0x03562bb6 in WebCore::JSDOMWindowBase::allowsAccessFrom at JSDOMWindowCustom.h:145
#2 0x038bf5db in WebCore::allowsAccessFromFrame at JSDOMBinding.cpp:331
#3 0x038bf626 in WebCore::checkNodeSecurity at JSDOMBinding.cpp:323
#4 0x03559c0b in WebCore::JSDOMWindow::getValueProperty at JSDOMWindow.cpp:532
#5 0x03562c20 in JSC::staticValueGetter<WebCore::JSDOMWindow> at lookup.h:116
#6 0x032ab76d in JSC::PropertySlot::getValue at PropertySlot.h:63
#7 0x0399effe in WebCore::JSQuarantinedObjectWrapper::getOwnPropertySlot at JSQuarantinedObjectWrapper.cpp:114
#8 0x008ea63f in JSC::JSValue::get at JSObject.h:432
#9 0x008d5224 in JSC::Machine::cti_op_get_by_id_generic at Machine.cpp:4270
#10 0x1d99828a in ??
#11 0x008d872e in JSC::Machine::execute at Machine.cpp:963
#12 0x0082fe67 in JSC::JSFunction::call at JSFunction.cpp:70
#13 0x0082ff03 in JSC::call at CallData.cpp:39
#14 0x008d179c in JSObjectCallAsFunction at JSObjectRef.cpp:305
#15 0x03521327 in WebCore::InspectorController::callFunction at InspectorController.cpp:147
#16 0x035234f7 in WebCore::InspectorController::inspectedWindowScriptObjectCleared at InspectorController.cpp:1272
#17 0x0343a410 in WebCore::FrameLoader::dispatchWindowObjectAvailable at FrameLoader.cpp:4850
...