[Webkit-unassigned] [Bug 63083] New: Web Inspector: wrong JSON.stringify used in webInspector.inspectedWindow.eval() backend
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Jun 21 11:43:00 PDT 2011
https://bugs.webkit.org/show_bug.cgi?id=63083
Summary: Web Inspector: wrong JSON.stringify used in
webInspector.inspectedWindow.eval() backend
Product: WebKit
Version: 528+ (Nightly build)
Platform: All
OS/Version: All
Status: UNCONFIRMED
Severity: Normal
Priority: P2
Component: Web Inspector
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: mhillyard at google.com
CC: timothy at apple.com, rik at webkit.org, keishi at webkit.org,
pmuellr at yahoo.com, joepeck at webkit.org,
pfeldman at chromium.org, yurys at chromium.org,
bweinstein at apple.com, apavlov at chromium.org,
loislo at chromium.org
The devtools backend JSON.stringifys the result of an eval on the inspected page, i.e. when performing webInspector.inspectedWindow.eval(). The JSON.stringify that is executed is not properly sandboxed and may be an implementation provided by the inspected page. cnn.com provides a non-standard implementation, so webInspector.inspectedWindow.eval() can fail silently when inspecting cnn.com. The attached Chrome extension demonstrates this problem.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list