Posted in XSS Info on July 30th, 2010 by Gareth Heyes
We have a new challenge!
http://www.businessinfo.co.uk/labs/DomAPI/DomAPI.html
Can you break my DOM sandbox?
More info here:-
http://www.thespanner.co.uk/2010/07/30/sandboxed-dom-api/
It isn't a complete DOM yet, but stuff like getElementById, firstChild, etc. should work. You can set attributes on the HTML element, an onclick event and styles. Past exploits include:-
// Code is already sandboxed so strings would execute (now fixed)
document.getElementById('x').onclick = 'alert(location)';
// attributes weren't being checked for evil url assignments
document.getElementById('x').onclick = function() { this.href = 'javascript:alert(location)'; };
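Both past exploits come down to checks on property writes: an event handler must be a function rather than a string, and a URL-bearing attribute must not carry a script scheme, including when the write happens through `this` inside a handler. The block below is an added example of those checks, not code from the challenge or its author; it uses a Proxy, the names `isSafeUrl`, `sandboxElement`, `URL_PROPS` and `ALLOWED_SCHEMES` are hypothetical, and a plain object stands in for the element.

```javascript
// Added example: names below are hypothetical, not taken from the challenge's code.
const URL_PROPS = new Set(['href', 'src', 'action', 'formAction']);
const ALLOWED_SCHEMES = new Set(['http:', 'https:', 'mailto:']);

// Normalise the way URL parsers do before looking for a scheme: strip
// leading/trailing control characters and spaces, drop tab/CR/LF anywhere.
function isSafeUrl(value) {
  const s = String(value)
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, '')
    .replace(/[\t\n\r]/g, '');
  const m = /^[a-z][a-z0-9+.-]*:/i.exec(s);
  // No scheme means a relative URL; otherwise the scheme must be allow-listed.
  return m === null || ALLOWED_SCHEMES.has(m[0].toLowerCase());
}

// Wrap an element so every property write from sandboxed code is checked.
function sandboxElement(el) {
  const proxy = new Proxy(el, {
    set(target, prop, value) {
      const name = String(prop);
      if (/^on/i.test(name)) {
        // Past exploit 1: a string assigned to onclick ran as code.
        if (typeof value !== 'function') {
          throw new TypeError('event handlers must be functions');
        }
        // Past exploit 2: the handler wrote this.href, so bind `this` to
        // the guarded proxy instead of the raw element.
        const handler = value;
        value = function (...args) { return handler.apply(proxy, args); };
      } else if (URL_PROPS.has(name) && !isSafeUrl(value)) {
        throw new TypeError('blocked URL scheme in ' + name);
      }
      target[name] = value;
      return true;
    },
  });
  return proxy;
}

// Constructed stand-in for a DOM element so the example runs outside a browser.
const link = { href: 'http://example.com/' };
const x = sandboxElement(link);
```

The allow-list is the important design choice here: any scheme not named in `ALLOWED_SCHEMES` is refused, so `data:` and `vbscript:` are blocked without being listed.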
Have fun!