[Webkit-unassigned] [Bug 35802] Gadget embed blocked due to URL in content

bugzilla-daemon at webkit.org
Sat Mar 6 20:10:55 PST 2010


--- Comment #3 from Daniel Bates <dbates at webkit.org>  2010-03-06 20:10:55 PST ---
From briefly looking at the HTML source, this is an XSS attack since the page
calls document.innerHTML with the contents of the anchor #up_embed_snippet.
Moreover, among the <object>/<embed> parameters passed is
allowscriptaccess="always", which would allow the Flash content to execute
arbitrary JavaScript scripts. In this case, such scripts would execute with
respect to the domain for the iframe,

I am not too familiar with Google Gadgets or its workings. Adam may have more
insight into this.
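
The pattern described in the comment above, as an added example that is not part of the original message and is not WebKit or Google Gadgets code: a Node.js check that flags embed markup arriving in the URL fragment, beside a builder that accepts only an allow-listed movie URL and pins allowscriptaccess to "never". The `key=value` fragment layout, the function names and the example hosts are assumptions.

```javascript
// Added example (not WebKit or Google Gadgets code). Assumed fragment layout:
// #up_embed_snippet=<percent-encoded value>; hosts and names are constructed.

// Pull the named parameter out of the URL fragment (null if absent).
function extractSnippet(url, key = "up_embed_snippet") {
  const hash = new URL(url).hash.replace(/^#/, "");
  return new URLSearchParams(hash).get(key); // get() percent-decodes
}

// Flag fragment content that would be dangerous if assigned to innerHTML.
function auditSnippet(snippet) {
  const findings = [];
  if (snippet === null) return findings;
  if (/<\s*(object|embed|script|iframe)\b/i.test(snippet)) {
    findings.push("markup-in-fragment");
  }
  // Matches the attribute form and <param name=... value=...>.
  const m = /allowscriptaccess["']?\s*(?:value\s*)?=\s*["']?([a-z]+)/i.exec(snippet);
  if (m && m[1].toLowerCase() !== "never") {
    findings.push("allowscriptaccess=" + m[1].toLowerCase());
  }
  return findings;
}

const escapeAttr = (s) =>
  s.replace(/[&"<>]/g, (c) => ({ "&": "&amp;", '"': "&quot;", "<": "&lt;", ">": "&gt;" }[c]));

// Hardened alternative: accept only a movie URL, never markup, and emit
// fixed attributes so the caller cannot choose allowscriptaccess.
function buildEmbed(src, allowedHosts) {
  let u;
  try { u = new URL(src); } catch { return null; }
  if (u.protocol !== "https:" || !allowedHosts.includes(u.hostname)) return null;
  return `<embed src="${escapeAttr(u.href)}" ` +
    `type="application/x-shockwave-flash" allowscriptaccess="never">`;
}

// Constructed sample input.
const sampleUrl = "https://gadgets.example/ifr#up_embed_snippet=" +
  encodeURIComponent('<embed src="https://media.example/a.swf" allowscriptaccess="always">');
console.log(auditSnippet(extractSnippet(sampleUrl)));
console.log(buildEmbed("https://media.example/a.swf?x=1&y=2", ["media.example"]));
```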
