96559 – Web Inspector: information leak in JS console

RESOLVED INVALID Bug 96559

Web Inspector: information leak in JS console

https://bugs.webkit.org/show_bug.cgi?id=96559

Summary Web Inspector: information leak in JS console

Thaddee Tyl

Reported 2012-09-12 14:17:20 PDT

How to reproduce: 1. Go to the following URL: data:text/html,<!doctype><title></title><script>window.eval = function (e) { console.log('sending ' + e + ' to a malicious website!'); };</script> 2. Open the JS console. 3. Enter something. What happens: The JS console is, in this case, rendered useless because it outputs sending with ((window && window.console && window.console._commandLineAPI) || {}) { something } to a malicious website! With more malicious use of this issue, it could cause information leak from all developers on the website. What should happen: The JS console should execute the JS code entered in the console.

Attachments
Add attachment proposed patch, testcase, etc.

Pavel Feldman

Comment 1 2012-09-12 23:59:26 PDT

1) we no longer use window's eval for it. See newer Canary / nightly 2) even when we did I don't see how that could be exploited

Thaddee Tyl

Comment 2 2012-09-13 00:51:49 PDT

Outstanding!

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution INVALID

Priority P2

Severity Major

Classification Unclassified

Version 528+ (Nightly build)

Hardware All

OS All

Product WebKit

Component Web Inspector (Deprecated)

Assignee

Nobody

Reported

2012-09-12 14:17 PDT

Modified

2012-09-13 00:51 PDT History

CC List

12 users Show

URL

Keywords

Depends on

Blocks