Sat, 03 Jan 2015 20:18:00 +0100
Conditionally enable the double-key logic when private browsing mode is active or the privacy.thirdparty.isolate preference is set, and implement it in GetCookieStringCommon and FindCookie, where it counts.
One reservation remains: how to make sure every FindCookie caller tests that condition itself and passes a nullptr when the double-key logic is disabled.
1 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
2 <html>
3 <script>
// Reproducer-style script, not production code: it chains legacy, non-standard
// Gecko/SpiderMonkey object APIs (`watch`, `__lookupGetter__`, `__defineGetter__`)
// and then invokes the result from vuln(). Keep the statement order and the
// bracket-style property access exactly as written -- the precise sequence of
// lookups is what the test case exercises. NOTE(review): the bug this targets is
// not identified on this page; confirm against the originating report before
// reusing it as a regression test.
var txt = document.createTextNode("");
var b = document.createElement("b");
// Unbound reference to the legacy Object.prototype.watch, read off a <b>
// element. This was a non-standard, Firefox-only API that has since been
// removed, so in a current engine `w` is undefined and the __defineGetter__
// call below throws before anything interesting happens.
var w = b["watch"];
// Unbound __lookupGetter__ taken from the text node.
var txtdg = txt["__lookupGetter__"];
// Install __lookupGetter__ as the getter for `toString` on the watch function
// object itself: any read of w.toString now calls __lookupGetter__ with
// this === w and no arguments.
w["__defineGetter__"]("toString",txtdg);
var obj = {
  // Only used by vuln(), which stringifies it into window.status.
  variable: 910,
  // Reads the getter installed above and calls whatever it returns. In a
  // conforming engine __lookupGetter__(undefined) on w yields undefined, so the
  // call throws a TypeError that vuln() swallows; any engine-specific behaviour
  // the test case relies on is not documented on this page.
  fun: function() {
    w["toString"]();
  }
};
// Drives the getter chain built at the top of the script and hands back the
// shared object.
// Side effects: writes obj.variable (stringified) to window.status; calls
// obj.fun() and swallows any exception it raises.
// Returns: obj, unchanged.
function vuln()
{
  // "" + 910 -> "910". window.status is a legacy property that modern
  // browsers no longer display; the write is harmless.
  window.status = "" + obj.variable;
  try{
    obj.fun();
  // The empty catch is deliberate for a crash reproducer: the call is expected
  // to throw in a well-behaved engine, and the point is what happens before it
  // does. If this is reused as a regression test, record `er` instead of
  // discarding it so a plain TypeError is not mistaken for a pass.
  }catch(er){}
  return obj;
}
// Entry point: runs as soon as the script is parsed. The result is parked in a
// global and is not read anywhere else on this page.
var ret = vuln();
27 </script>
28 </html>