Comments on: Minor Safari cross domain bug http://www.thespanner.co.uk/2009/06/19/minor-safari-cross-domain-bug/ Javascript blog with messed up syntax inside Thu, 26 Jan 2012 01:38:34 +0000 hourly 1 By: Gareth Heyes http://www.thespanner.co.uk/2009/06/19/minor-safari-cross-domain-bug/#comment-1577 Gareth Heyes Mon, 22 Jun 2009 07:57:52 +0000 http://www.thespanner.co.uk/?p=443#comment-1577 @sirdarckcat Nice! :) @sirdarckcat

Nice! :)

]]> By: sirdarckcat http://www.thespanner.co.uk/2009/06/19/minor-safari-cross-domain-bug/#comment-1576 sirdarckcat Mon, 22 Jun 2009 03:40:05 +0000 http://www.thespanner.co.uk/?p=443#comment-1576 Native code is ok dude.. http://eaea.sirdarckcat.net/safari-sucks.html Native code is ok dude..
http://eaea.sirdarckcat.net/safari-sucks.html

]]> By: Gareth Heyes http://www.thespanner.co.uk/2009/06/19/minor-safari-cross-domain-bug/#comment-1575 Gareth Heyes Sun, 21 Jun 2009 16:08:09 +0000 http://www.thespanner.co.uk/?p=443#comment-1575 @sirdarckcat In my tests it only allowed native code but if you use a native object then it could work @sirdarckcat

In my tests it only allowed native code but if you use a native object then it could work

]]> By: sirdarckcat http://www.thespanner.co.uk/2009/06/19/minor-safari-cross-domain-bug/#comment-1574 sirdarckcat Sun, 21 Jun 2009 11:45:00 +0000 http://www.thespanner.co.uk/?p=443#comment-1574 Have you played with frame busters? if they do: top.location=self.location; and you set self.location to "javascript:" and top.location to frames[0], then you have a full xss. And with the clickjacking fever everyone has framebusters, from google to M$. Greetz!! Have you played with frame busters?

if they do:
top.location=self.location;

and you set self.location to “javascript:” and top.location to frames[0], then you have a full xss.

And with the clickjacking fever everyone has framebusters, from google to M$.

Greetz!!

]]> By: Gareth Heyes http://www.thespanner.co.uk/2009/06/19/minor-safari-cross-domain-bug/#comment-1573 Gareth Heyes Sun, 21 Jun 2009 07:49:55 +0000 http://www.thespanner.co.uk/?p=443#comment-1573 I think the shortest would be top(name) because you can't read the data just supplying a function as it executes from the other domain. If you could then it wouldn't be minor :) Safari seemed to raise an error when I tried I think the shortest would be top(name) because you can’t read the data just supplying a function as it executes from the other domain. If you could then it wouldn’t be minor :) Safari seemed to raise an error when I tried

]]> By: thornmaker http://www.thespanner.co.uk/2009/06/19/minor-safari-cross-domain-bug/#comment-1572 thornmaker Sun, 21 Jun 2009 00:53:12 +0000 http://www.thespanner.co.uk/?p=443#comment-1572 so for safari... rather than inject "eval(name)" (10 chars) you could inject something like "top(name)" (9 chars) or maybe just "top()" (5 chars!). wtg safari! I'll have to play with this tonight. I don't suppose there's a way in JS to call a function without using parenthesis... aside from using the setter trick (which only firefox supports as far as I know). so for safari… rather than inject “eval(name)” (10 chars) you could inject something like “top(name)” (9 chars) or maybe just “top()” (5 chars!). wtg safari! I’ll have to play with this tonight. I don’t suppose there’s a way in JS to call a function without using parenthesis… aside from using the setter trick (which only firefox supports as far as I know).

]]>