[Webkit-unassigned] [Bug 63083] New: Web Inspector: wrong JSON.stringify used in webInspector.inspectedWindow.eval() backend

bugzilla-daemon at webkit.org
Tue Jun 21 11:43:00 PDT 2011


https://bugs.webkit.org/show_bug.cgi?id=63083

           Summary: Web Inspector: wrong JSON.stringify used in
                    webInspector.inspectedWindow.eval() backend
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: All
        OS/Version: All
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: Web Inspector
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: mhillyard at google.com
                CC: timothy at apple.com, rik at webkit.org, keishi at webkit.org,
                    pmuellr at yahoo.com, joepeck at webkit.org,
                    pfeldman at chromium.org, yurys at chromium.org,
                    bweinstein at apple.com, apavlov at chromium.org,
                    loislo at chromium.org


The devtools backend JSON.stringifys the result of an eval on the inspected page, i.e. when performing webInspector.inspectedWindow.eval(). The JSON.stringify that is executed is not properly sandboxed and may be an implementation provided by the inspected page. cnn.com provides a non-standard implementation, so webInspector.inspectedWindow.eval() can fail silently when inspecting cnn.com. The attached Chrome extension demonstrates this problem.

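The failure mode in the report, as an added sketch that is not code from WebKit, the reporter, or the attached extension. It assumes the backend's code shares a global `JSON` with the page; the page override is a constructed stand-in (not cnn.com's implementation), and all function names are hypothetical.

```javascript
// References captured before any page script runs (assumption: the backend's
// injected code runs first, or obtains these from a clean context).
const nativeStringify = JSON.stringify;
const nativeParse = JSON.parse;

// Constructed stand-in for a page library that replaces JSON.stringify
// with a non-standard encoder.
function installPageOverride() {
  JSON.stringify = function (value) {
    if (Array.isArray(value)) return '(' + value.join(';') + ')';
    if (value && typeof value === 'object') {
      return '{' + Object.keys(value).map((k) => k + '=' + value[k]).join('&') + '}';
    }
    return String(value);
  };
}

// Behaviour described in the report: JSON.stringify is looked up at call
// time, so the backend runs whatever the inspected page installed.
function serializeResultUnsafe(result) {
  return JSON.stringify(result);
}

// Hardened variant: use the reference captured before page code ran.
function serializeResultSafe(result) {
  return nativeStringify(result);
}

// Receiving side: report a parse failure instead of dropping it silently.
function deliver(payload) {
  try {
    return { ok: true, value: nativeParse(payload) };
  } catch (e) {
    return { ok: false, error: e.name };
  }
}

function runDemo() {
  const result = { title: 'Home', links: [1, 2, 3] }; // constructed eval result
  installPageOverride();
  try {
    return {
      overridden: JSON.stringify !== nativeStringify,
      unsafe: deliver(serializeResultUnsafe(result)),
      safe: deliver(serializeResultSafe(result)),
    };
  } finally {
    JSON.stringify = nativeStringify; // restore the global for later code
  }
}
```

Capturing the function does not cover page-defined `toJSON` methods, which the native serializer still calls on the values it encodes.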