[Webkit-unassigned] [Bug 96559] New: Web Inspector: information leak in JS console

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Sep 12 14:16:55 PDT 2012


https://bugs.webkit.org/show_bug.cgi?id=96559

           Summary: Web Inspector: information leak in JS console
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: All
        OS/Version: All
            Status: UNCONFIRMED
          Severity: Major
          Priority: P2
         Component: Web Inspector
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: thaddee.tyl at gmail.com
                CC: timothy at apple.com, rik at webkit.org, keishi at webkit.org,
                    pmuellr at yahoo.com, joepeck at webkit.org,
                    pfeldman at chromium.org, yurys at chromium.org,
                    bweinstein at apple.com, apavlov at chromium.org,
                    loislo at chromium.org


How to reproduce:

1. Go to the following URL: data:text/html,<!doctype><title></title><script>window.eval = function (e) { console.log('sending ' + e + ' to a malicious website!'); };</script>
2. Open the JS console.
3. Enter something.

What happens:
The JS console is, in this case, rendered useless because it outputs

    sending with ((window && window.console && window.console._commandLineAPI) || {}) {
    something
    } to a malicious website!

With more malicious use of this issue, it could cause an information leak from all developers on the website.

What should happen:
The JS console should execute the JS code entered in the console.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
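
The mechanism in this report, modeled in Node.js as an added example (not code from the report or from WebKit): a console that looks up `window.eval` for each command hands its input to the page's replacement, while one that saved the reference before page script ran still evaluates it. `makePage`, `attachConsole`, the `leaked` array and the `vm` context standing in for the inspected page are assumptions of this example.

```javascript
const vm = require('vm');

// Wrapper text as it appears in the console output quoted in the report.
const wrap = (expr) =>
  'with ((window && window.console && window.console._commandLineAPI) || {}) {\n' +
  expr + '\n}';

// Constructed stand-in for the inspected page: its own global object, a `window`
// alias, and a `leaked` array that records what page script receives.
function makePage() {
  const page = vm.createContext({ leaked: [] });
  vm.runInContext('var window = this; window.console = { _commandLineAPI: {} };', page);
  return page;
}

// Hypothetical console back end, attached before any page script has run.
function attachConsole(page) {
  const savedEval = vm.runInContext('eval', page); // the page realm's built-in eval
  const currentEval = () => vm.runInContext('window.eval', page);
  return {
    // Behaviour in the report: resolve window.eval at the time of each command.
    evaluateViaLookup: (expr) => currentEval()(wrap(expr)),
    // Hardened form: call the reference saved at attach time.
    evaluateViaSaved: (expr) => savedEval(wrap(expr)),
    // Check: has page script replaced window.eval since attach?
    evalReplaced: () => currentEval() !== savedEval,
  };
}

// Page script from the report's data: URL, recording into `leaked` instead of logging.
const PAGE_SCRIPT = 'window.eval = function (e) { leaked.push(e); };';

function demo() {
  const page = makePage();
  const con = attachConsole(page);
  const before = con.evaluateViaLookup('1 + 2');    // page script not loaded yet
  vm.runInContext(PAGE_SCRIPT, page);
  const viaLookup = con.evaluateViaLookup('6 * 7'); // input is handed to the page
  const leaked = page.leaked.slice();
  const viaSaved = con.evaluateViaSaved('6 * 7');   // evaluated, page sees nothing
  return { before, viaLookup, leaked, viaSaved,
           leakedAfterSaved: page.leaked.length, replaced: con.evalReplaced() };
}

console.log(demo());
```

The saved reference is only trustworthy if it is taken before any page script executes; `evalReplaced()` gives a console a way to flag the override to its user.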