Re: A perfect DOM sandbox

On 2/15/11 5:06 AM, gaz Heyes wrote:
> On 15 February 2011 07:54, Boris Zbarsky <
> <>> wrote:
>     On 2/15/11 2:40 AM, <> wrote:
>              if(navigator.userAgent.match(/Firefox/))
>                  ifr.setAttribute("src","/xss.php?csp&plain_text");
>     What's the point of that?
> He sets the url to a script which has CSP enabled to provide same origin
> restrictions

Yes, but he never lets it load, so those restrictions never take effect.

>          try {
>              ifr.contentDocument.documentElement.innerHTML=src;
>     Given that you immediately do this?
> I think you might be confused with sdc's naming conventions, "src"
> actually refers to the source code supplied not the url of the iframe.

No, I'm not confused.  He sets the iframe's src to something, then 
without waiting for that something to load sets the innerHTML of the 
about:blank document that's in the iframe right now.  Which raises the 
question of why he bothered setting the iframe's src in the first place. 
  Which is the question I asked.


Received on Tuesday, 15 February 2011 16:45:16 UTC