Bug 69708 - Remove "near miss" XSS vulnerabilities in garden-o-matic
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Adam Barth
Blocks: 69227
Reported: 2011-10-08 14:05 PDT by Adam Barth
Modified: 2011-10-09 19:28 PDT

Attachments
Patch (4.30 KB, patch)
2011-10-08 14:06 PDT, Adam Barth
Patch for landing (4.31 KB, patch)
2011-10-09 19:14 PDT, Adam Barth

Description Adam Barth 2011-10-08 14:05:28 PDT
Remove "near miss" XSS vulnerabilities in garden-o-matic
Comment 1 Adam Barth 2011-10-08 14:06:58 PDT
Created attachment 110282
Patch
Comment 2 David Levin 2011-10-09 18:58:07 PDT
Comment on attachment 110282
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=110282&action=review

> Tools/BuildSlaveSupport/build.webkit.org-config/public_html/TestFailures/scripts/ui.js:80
> +        if (tab.parentNode != this)
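
Review bot: on the quoted line at ui.js:80, `tab.parentNode != this` uses loose inequality; `!==` states the node-identity comparison the check relies on. The quoted line does not show whether `tab` can be null at this point; if the lookup that produced it can miss, test `tab` before reading `.parentNode`. A one-line comment saying that the check only accepts a direct child of this element would record the intent for later readers.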

I'm sure this is obvious to you (and maybe to others?), but I don't understand why this check is needed/what it is doing.

Maybe you could add a comment about that (and commit it).

If it is totally obvious, feel free to just add something in the bug and cq+ this.
Comment 3 Adam Barth 2011-10-09 19:11:53 PDT
getElementById is a global function.  It could return a DOM node anywhere in the document (which could have been put there by an attacker).  That check just restricts it to the immediate children of this node, which greatly limits any trickery.
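
The check described in Comment 3, as an added example that is not part of the original comment or the WebKit patch: a document-wide id lookup next to the same lookup guarded by a `parentNode` test. `FakeNode`, this `getElementById(root, id)`, `findOwnChildById` and the sample page are constructed stand-ins (assumptions) so the code runs without a browser.

```javascript
// Minimal stand-in for DOM nodes (constructed; lets the example run outside a browser).
class FakeNode {
  constructor(id) {
    this.id = id;
    this.parentNode = null;
    this.children = [];
  }
  appendChild(child) {
    child.parentNode = this;
    this.children.push(child);
    return child;
  }
}

// Document-wide lookup in the style of document.getElementById:
// the first node in tree order with a matching id, wherever it sits.
function getElementById(root, id) {
  if (root.id === id) return root;
  for (const child of root.children) {
    const hit = getElementById(child, id);
    if (hit) return hit;
  }
  return null;
}

// Hypothetical helper: keep the global lookup, but accept its result only
// when the node is an immediate child of `container` (the parentNode check).
function findOwnChildById(root, container, id) {
  const node = getElementById(root, id);
  if (node === null || node.parentNode !== container) return null;
  return node;
}

// Constructed page: a tab strip with one tab, optionally preceded by an
// element that untrusted content placed elsewhere with the same id.
function buildSamplePage(withPlantedNode) {
  const body = new FakeNode('body');
  const planted = withPlantedNode ? body.appendChild(new FakeNode('results')) : null;
  const tabStrip = body.appendChild(new FakeNode('tabstrip'));
  const realTab = tabStrip.appendChild(new FakeNode('results'));
  return { body, planted, tabStrip, realTab };
}
```

With the planted node present, the unchecked lookup returns that node, while the checked lookup returns null, so the caller fails closed instead of acting on a node it does not own.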
Comment 4 Adam Barth 2011-10-09 19:14:24 PDT
Created attachment 110317
Patch for landing
Comment 5 WebKit Review Bot 2011-10-09 19:28:09 PDT
Comment on attachment 110317
Patch for landing

Clearing flags on attachment: 110317

Committed r97036: <http://trac.webkit.org/changeset/97036>
Comment 6 WebKit Review Bot 2011-10-09 19:28:14 PDT
All reviewed patches have been landed.  Closing bug.