96559 2012-09-12 14:17:20 -0700 Web Inspector: information leak in JS console 2012-09-13 00:51:49 -0700 1 1 1 Unclassified WebKit Web Inspector (Deprecated) 528+ (Nightly build) All All RESOLVED INVALID P2 Major --- 0 thaddee.tyl webkit-unassigned apavlov bweinstein caseq joepeck keishi loislo paulirish pfeldman pmuellr rik timothy yurys oldest_to_newest 718710 0 thaddee.tyl 2012-09-12 14:17:20 -0700 How to reproduce: 1. Go to the following URL: data:text/html,<!doctype><title></title><script>window.eval = function (e) { console.log('sending ' + e + ' to a malicious website!'); };</script> 2. Open the JS console. 3. Enter something. What happens: The JS console is, in this case, rendered useless because it outputs sending with ((window && window.console && window.console._commandLineAPI) || {}) { something } to a malicious website! With more malicious use of this issue, it could cause information leak from all developers on the website. What should happen: The JS console should execute the JS code entered in the console. 719121 1 pfeldman 2012-09-12 23:59:26 -0700 1) we no longer use window's eval for it. See newer Canary / nightly 2) even when we did I don't see how that could be exploited 719173 2 thaddee.tyl 2012-09-13 00:51:49 -0700 Outstanding!