The SourceMap tool in Firefox isn’t intended for everyday use – it’s a feature that’s useful for developers wanting to dig into the JavaScript source code of a web page to see why it’s misbehaving. Many JavaScript programs sent over the internet are deliberately sent in non-human-readable form, sometimes as a way of making them harder to figure out, but often simply as a way of squashing them up to save download space and time. SourceMap tries to reverse this obfuscation in order to make bugs and rendering problems easier to spot.

In this case, obfuscated JavaScript in a web page could have been booby-trapped so that a developer trying to debug it might inadvertently load privileged content such as the contents of local files. Ironically, this might mean that someone helping out by investigating an innocent-looking problem triggered by someone else’s website (or injected ad page) could end up allowing scripts from that “broken” website to take a peek at local, private data.

CVE-2022-28286: IFRAME contents could be rendered outside the border.

This one was rated “low”, so we assume it’s unlikely to cause much harm even if someone figures out how to exploit it on unpatched computers. Nevertheless, it’s an important reminder that context is important. IFRAMEs, as the name suggests, are inline frames that create what is essentially a page-within-a-page.
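
Relating to the SourceMap issue described above, here is an added example (not code from Firefox or from this article) of how a site owner could audit the source-map references in the JavaScript they serve, flagging any reference that resolves to something other than an http(s) URL. It assumes maps are referenced by the standard trailing `sourceMappingURL` comment; the function names and sample URLs are constructed for illustration.

```javascript
// Added example: audit source-map references in JavaScript a site serves.
// Assumption: maps are referenced by a "//# sourceMappingURL=" comment
// (the older "//@" form is accepted too). All names here are illustrative.
const WEB_SCHEMES = new Set(["http:", "https:"]);

// Return the last sourceMappingURL directive in the script text, or null.
function findSourceMapRef(jsText) {
  const re = /^[ \t]*\/\/[#@][ \t]*sourceMappingURL=(\S+)[ \t]*$/gm;
  let match;
  let last = null;
  while ((match = re.exec(jsText)) !== null) last = match[1];
  return last;
}

// Resolve the reference against the script's own URL and classify it.
function classifySourceMapRef(scriptUrl, jsText) {
  const ref = findSourceMapRef(jsText);
  if (ref === null) return { ref, verdict: "none" };
  let target;
  try {
    target = new URL(ref, scriptUrl);
  } catch (err) {
    return { ref, verdict: "unparseable" };
  }
  if (target.protocol === "data:") return { ref, verdict: "inline" };
  if (!WEB_SCHEMES.has(target.protocol)) return { ref, verdict: "non-web-scheme" };
  const sameOrigin = target.origin === new URL(scriptUrl).origin;
  return { ref, verdict: sameOrigin ? "same-origin" : "cross-origin" };
}

// Constructed sample scripts (not taken from any real site).
const SCRIPT_URL = "https://example.test/js/app.min.js";
const SAMPLES = {
  relative: "var a=1;\n//# sourceMappingURL=app.min.js.map\n",
  otherHost: "var a=1;\n//# sourceMappingURL=https://cdn.example.net/app.min.js.map\n",
  inline: "var a=1;\n//# sourceMappingURL=data:application/json;base64,e30=\n",
  localFile: "var a=1;\n//# sourceMappingURL=file:///constructed/example.map\n",
  noMap: "var a=1;\n",
};

// Verdict per sample; anything "non-web-scheme" deserves a closer look.
function auditSamples() {
  const out = {};
  for (const [name, js] of Object.entries(SAMPLES)) {
    out[name] = classifySourceMapRef(SCRIPT_URL, js).verdict;
  }
  return out;
}

console.log(auditSamples());
```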