Re: DOM traversal ambiguity question from Ory Segal on 2008-08-18 (public-html@w3.org from August 2008)

From: Ory Segal <orysegal@gmail.com>
Date: Mon, 18 Aug 2008 16:18:42 +0300
To: "Boris Zbarsky" <bzbarsky@mit.edu>
Cc: public-html@w3.org
Message-ID: <a9a26b7b0808180618x6c6c1defm6d4e772dbd6839ca@mail.gmail.com>

Hi,

One more thing -

Do you agree that there's a DOM (traversal) ambiguity here?

parent.someObject can refer both to a JS object with that name, or a child
element.

-Ory

On Mon, Aug 18, 2008 at 3:57 PM, Boris Zbarsky <bzbarsky@mit.edu> wrote:

> Ory Segal wrote:
>
>> As my previous email mentioned, the child cannot set/get any objects on
>> the parent, but it can still query for their existence, which means that:
>>
>> if ( parent.someObject )
>>
>> will still return TRUE/FALSE.
>>
>
> As it happens, the child _can_ in fact get a property off the parent window
> if that property is another frame.  At least in some UAs.  That seems like a
> security bug; I wonder whether it can be fixed without breaking the web...
>
> -Boris
>

Received on Monday, 18 August 2008 13:19:19 UTC