[Webkit-unassigned] [Bug 24019] Javascript code is visible in the page.

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Feb 18 21:40:43 PST 2009


https://bugs.webkit.org/show_bug.cgi?id=24019


mrowe at apple.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mrowe at apple.com
           Severity|Major                       |Normal
          Component|JavaScriptCore              |Evangelism




------- Comment #1 from mrowe at apple.com  2009-02-18 21:40 PDT -------
I'm 90% sure that this is a bug in the JS on the website rather than a problem
in WebKit.  The site appears to construct HTML to insert in the page by
appending strings, including generating style attributes.  The padding is
generated as follows:

                for(ri in ra)
                    rt+="padding-"+l93[ri]+":"+ra[ri]+";";

where ra is an Array instance.  The page uses Mootools which extends the Array
prototype to include many extra methods.  This results in iterating over the
array returning these extra properties:

["copy", "remove", "contains", "associate", "extend", "merge", "include",
"getRandom", "getLast", "each", "test", "rgbToHex", "hexToRgb", "rgbToHsb",
"hsbToRgb"]

Their values are retrieved from the Array instance and converted to a string,
resulting in "function copy(..) { .... }" being included as part of the style. 
This code is eventually written to the page using document.write.  The quotes
used for strings within the JS function that ends up as part of the style are
the same type as is used to enclose the style attribute itself, meaning that an
attribute is ended and the string becomes the content of the element.

