JS security and enumerating a Window
Dirk Mueller
mueller at kde.org
Fri Oct 25 19:02:47 BST 2002
On Fri, 25 Oct 2002, Koos Vriezen wrote:
> Changing myframe1.document.write(i + "=" + frames[i] + "<br>"); to
> myframe1.document.write(i + "=" + frames[i].location + "<br>");
>
> mozilla gives
> 0=wyciwyg://0/file:///home/koos/public_html/jsframes.html
> 1 error
Yes, we know that already. But one thing you pointed out remains to be
tested: when a frame registers a function or a variable globally if it is
then accessible even via the XSS check.
IMHO it shouldn't be, but I guess it might be available.
--
Dirk (received 485 mails today)