RESOLVED FIXED Bug 16387
Variable names can be enumerated across domains 
https://bugs.webkit.org/show_bug.cgi?id=16387
Summary Variable names can be enumerated across domains
Henry Mason
Reported 2007-12-10 14:15:27 PST
WebKit currently allows for enumeration of all the property names in window object via a JavaScript "for .. in " loop, even when the window object is from a foreign domain. This could cause a security problem if a JavaScript author made the mistake of storing a password in a variable name or something. I've posted a demonstration of this problem to this bug's URL. Document B sets a global variable named "superSecretThing", document A embeds document B in an iframe, and is able to see the secret variable name from a foreign domain.
Attachments
patch (6.19 KB, patch)
2007-12-30 22:54 PST, Sam Weinig 		oliver: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Mark Rowe (bdash)
Comment 1 2007-12-10 20:20:23 PST
<rdar://problem/5640454>
Ian 'Hixie' Hickson
Comment 2 2007-12-30 21:19:26 PST
This can, e.g., leak whether a user is logged in on another domain, if that domain initialises variables after the user logs in.
Sam Weinig
Comment 3 2007-12-30 22:54:29 PST
Created attachment 18204 [details] patch
Sam Weinig
Comment 4 2007-12-30 23:02:28 PST
Landed in r29044.
Note You need to log in before you can comment on or make changes to this bug.