[ServiceWorker] Cache API shouldn't be available outside the service workers (#702)

Go to:
https://googlechrome.github.io/samples/service-worker/prefetch/index.html

And then go to the console and type:
caches.open('prefetch-cache-v1').then(function(cache){cache.put(new Request('static/pre_fetched.txt', {mode: 'no-cors'}), new Response('<script>alert(1)</script>', {headers: {'content-type': 'text/html'}}))})

And then go to:
https://googlechrome.github.io/samples/service-worker/prefetch/static/pre_fetched.txt

This allows an XSS in a website to persist on all cached pages used by the service worker. Note this works across subdirectories (caches are scoped per-origin).


---
Reply to this email directly or view it on GitHub:
https://github.com/slightlyoff/ServiceWorker/issues/702

Received on Friday, 22 May 2015 09:20:49 UTC
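
A mitigation sketch for the persistence described in the report above, added here and not part of the original message or of the ServiceWorker project: the worker audits its cache against a build-time manifest of content types and SHA-256 digests and evicts any entry that page script has overwritten. `auditCache`, `sha256Hex`, `MemoryCache`, the manifest shape and the `app.example` URLs are assumptions made for this example.

```javascript
// Added example; auditCache, sha256Hex, MemoryCache and the manifest shape are hypothetical names.
async function sha256Hex(data) {
  // crypto.subtle exists in browsers and workers; the import is a fallback for older Node.
  const subtle = globalThis.crypto?.subtle ?? (await import('node:crypto')).webcrypto.subtle;
  const bytes = typeof data === 'string' ? new TextEncoder().encode(data) : data;
  const digest = new Uint8Array(await subtle.digest('SHA-256', bytes));
  return [...digest].map(b => b.toString(16).padStart(2, '0')).join('');
}

// Delete every cached entry that is unlisted in manifest (URL -> { type, sha256 }) or altered.
async function auditCache(cache, manifest) {
  const evicted = [];
  for (const request of await cache.keys()) {
    const expected = manifest[request.url];
    const response = await cache.match(request);
    const type = (response.headers.get('content-type') || '').split(';')[0].trim();
    const reason = !expected ? 'not in manifest'
      : type !== expected.type ? 'content-type mismatch'
      : (await sha256Hex(await response.arrayBuffer())) !== expected.sha256 ? 'digest mismatch' : null;
    if (!reason) continue;
    await cache.delete(request); // the next fetch repopulates it from the network
    evicted.push({ url: request.url, reason });
  }
  return evicted;
}

// Constructed in-memory stand-in for a Cache, so the audit also runs outside a browser.
class MemoryCache {
  constructor() { this.entries = new Map(); }
  async put(request, response) { this.entries.set(request.url, { request, response }); }
  async keys() { return [...this.entries.values()].map(e => e.request); }
  async match(request) { return this.entries.get(request.url)?.response.clone(); }
  async delete(request) { return this.entries.delete(request.url); }
}

// Constructed sample: one intact entry, one overwritten with an HTML body as in the report.
async function demo() {
  const base = 'https://app.example/static/';
  const manifest = {
    [base + 'app.js']: { type: 'text/javascript', sha256: await sha256Hex('init();') },
    [base + 'pre_fetched.txt']: { type: 'text/plain', sha256: await sha256Hex('hello') },
  };
  const cache = new MemoryCache();
  const put = (path, body, type) => cache.put(new Request(base + path),
    new Response(body, { headers: { 'content-type': type } }));
  await put('app.js', 'init();', 'text/javascript');
  await put('pre_fetched.txt', '<script>alert(1)</script>', 'text/html');
  return { evicted: await auditCache(cache, manifest), kept: (await cache.keys()).map(r => r.url) };
}
```

In a real worker, pass the object returned by `caches.open(...)` instead of `MemoryCache`, and keep the manifest inside the worker script rather than in any storage that page script can write.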