(*** This bug was imported into bugs.kde.org ***) Package: kjs Version: KDE 3.0.1 Severity: normal Installed from: Compiled From Sources Compiler: 2.95.3 20010315 OS: Solaris OS/Compiler notes: Solaris 8/Sparc Architecture location.href is allowing javascript to read the URL of other browser frames. eg if I write the following set webpages : menu.html <HTML> <HEAD> <script language="javascript"> <!-- function doForm() { document.myForm.frameurl.value=window.parent.main.location.href; document.myForm.submit(); return true; } // --> </script> </HEAD> <BODY> <BR> <FORM METHOD="POST" ACTION="/servlets/demoServlets.ShowParams" NAME="myForm"> <INPUT TYPE="HIDDEN" NAME="frameurl"> <INPUT TYPE=BUTTON VALUE=" Click Me " OnClick="doForm()"> </FORM> </BODY> </HMTL> Now if I set this up as the menu part of a frameset with the other frame named main every time the 'click me' button is pressed konqueror happily sends me back the URL of whatever is being viewed in the main window. In some circumstances this is OK if the page in the main frame comes from the same webserver/directory as the script but if the page in the main frame is from a completely different website it ought to block this netscape/mozilla/ie all do. I've put an example of what should and should not work on http://mork.cs.bham.ac.uk/frames/ This has potential privacy implications ! I've managed to demonstrate this bug in kde 3.0.1/linux as well as solaris. (Submitted via bugs.kde.org)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Thanks for report and testcase. Bug fixed in CVS. - -- David FAURE david@mandrakesoft.com faure@kde.org http://people.mandrakesoft.com/~david/ Contributing to: http://www.konqueror.org/ http://www.koffice.org/ KOffice-1.2-beta2 is coming very shortly... -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE9EgyK72KcVAmwbhARAu19AKCAS6gjUuklGq3QB/vOHF0aD2t4hwCgs42V lkNAYbvohR+jk0YBsqJ3rls= =SOnA -----END PGP SIGNATURE-----