[Webkit-unassigned] [Bug 14611] Incorrect JavaScript const declaration behaviour
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Sat Apr 25 16:37:02 PDT 2009
https://bugs.webkit.org/show_bug.cgi?id=14611
------- Comment #8 from bugzilla at eligrey.com 2009-04-25 16:37 PDT -------
(In reply to comment #7)
IMO, it's pretty important if you want to make library that, if a site scumbs
to an XSS flaw, the library reports a bug on itself on a page.
For example:
const reportXSSFlawedPage = function() { do_some_stuff_with(location.href) };
In Firefox, the website will report an error to the admin so he can get the
library fixed ASAP. In WebKit, the XSS attack knows about the
"reportXSSFlawedPage" function, and overwrites it. The admin doesn't find out
about the XSS flaw until quite a few users have been affected.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the webkit-unassigned
mailing list