git://git.webkit.org / WebKit-https.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 62c60f1) | patch
Reviewed by John.
authormjs <mjs@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 7 Dec 2004 00:24:21 +0000 (00:24 +0000)
committermjs <mjs@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 7 Dec 2004 00:24:21 +0000 (00:24 +0000)
commit3e4a5325aecbbcc578922678b3cada442b49fea1
treec7f5b1c939b201f408c23e26a006a19852e13b85tree | snapshot
parent62c60f1f39b99bbd9291fd821b31089af826897ccommit | diff
    Reviewed by John.

- fixed <rdar://problem/3903797> scripts can cause other frames/windows to execute arbitrary script using javascript: URLs

I changed all unprotected places that can navigate a different
window or frame from script to check for a javascript: URL, and if
found, to check for safety using cross-site-script rules.

I considered a few other possible exploits and made no change:

- document.location is already protected because the document
object itself is protected

- frame.src, frame.location, iframe.src and targetted links are
all safe because setting the URL of a frame to a javascript: URL
executes the script in the context of the parent

* khtml/ecma/kjs_window.cpp:
        (WindowFunc::tryCall):
        (Location::put):
        (LocationFunc::tryCall):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@8136 268f45cc-cd09-0410-ab3c-d52691b4dbfc
WebCore/ChangeLog-2005-08-23 diff | blob | history
WebCore/khtml/ecma/kjs_window.cpp diff | blob | history
Mirror of the WebKit open source project from svn.webkit.org.