Re: A perfect DOM sandbox from gaz Heyes on 2011-02-17 (public-web-security@w3.org from February 2011)

From: gaz Heyes <gazheyes@gmail.com>
Date: Thu, 17 Feb 2011 14:27:45 +0000
To: Giorgio Maone <g.maone@informaction.com>
Cc: "sird@rckc.at" <sird@rckc.at>, Boris Zbarsky <bzbarsky@mit.edu>, public-web-security@w3.org
Message-ID: <AANLkTimPv4cGgpyi=7Ri_=2Mv2-5kGUpPEOztT24G8UL@mail.gmail.com>

On 17 February 2011 13:59, Giorgio Maone <g.maone@informaction.com> wrote:

> What am I missing? (sorry if I'm actually missing anything obvious, since
> I'm late in this thread).
> -- G
>

Basically in every browser (including FF) single DOM CSS rules become
multiple rules if you read the data back and assign it, innerHTML can
rewrite the HTML when it's modified and thus create malicious data from
perfectly fine valid data.

Received on Thursday, 17 February 2011 14:28:18 UTC