- From: gaz Heyes <gazheyes@gmail.com>
- Date: Tue, 15 Feb 2011 10:12:51 +0000
- To: "sird@rckc.at" <sird@rckc.at>
- Cc: public-web-security@w3.org
- Message-ID: <AANLkTik5C+FfKKGRjw+UGrud8HE0kWOTJ11yfZUUCHVa@mail.gmail.com>
On 15 February 2011 07:40, sird@rckc.at <sird@rckc.at> wrote: > Try this function, does it meet your needs? (try it on > http://0x.lv/shell.html). Works on FF 4, IE 6/7/8, Safari, Opera and > Chrome.. though, I haven't really tested how safe it is :) it just seems to > work. > > Worth noting that it returns a HTMLNodeElement belonging to a deleted > document, with no Window associated with it.. which means that it's > ownerDocument may be null in some browsers, and you can't appendNode > (because you need to importNode first). > > Either way, it shouldn't execute stuff if you play with it.. oh also, you > probably want to modify the iframe's <base href>. > How would you set the data back? For example <div style=color:#fff>, how would you now render that once you have the node? I'd say the problem with this approach is that it relies on there being no execution once you import the node back and that when you set the to render you actually get the result you intended. My original point was it's perfectly valid to create a DOM sandbox if you account for the "quirks" but you can't be 100% certain it's secure.
Received on Tuesday, 15 February 2011 10:13:23 UTC