当サイトはユーザー体験を改善するためのメンテナンスを実施中に機能が制限される予定です。記事を読んでもあなたの問題が解決せず質問をしたい場合は、Twitter の @FirefoxSupport、Reddit の /r/firefox で、サポートコミュニティが皆さんを助けようと待機しています。

Mozilla サポートの検索

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

詳しく学ぶ

このスレッドはアーカイブに保管されました。 必要であれば新たに質問してください。

Why does Firefox execute Javascript in the referring window's/tab's context when target="_blank" is used with a data:uri?

more options

I set a link's target to _blank. With the href attribute set to a data-uri with a script tag, and the previous window's context executes the javascript. Does this happen with using window.open()? This would allow an attacker with XSS to steal localStorage data, and there is apparently no way for a developer to isolate a window's execution context. My question is, why does a data:uri execute script in the previous window's (i.e the window with the target="_blank" attribute set) context even though it opens in a new tab? And, how is a developer supposed to isolate a window's Javascript context, since _blank doesn't do it?

I set a link's target to _blank. With the href attribute set to a data-uri with a script tag, and the previous window's context executes the javascript. Does this happen with using window.open()? This would allow an attacker with XSS to steal localStorage data, and there is apparently no way for a developer to isolate a window's execution context. My question is, why does a data:uri execute script in the previous window's (i.e the window with the target="_blank" attribute set) context even though it opens in a new tab? And, how is a developer supposed to isolate a window's Javascript context, since _blank doesn't do it?

選ばれた解決策

JavaScript allows some access between windows (e.g., using the window.opener property from the "child" window).

What is the attack you want to guard against?

この回答をすべて読む 👍 0

すべての返信 (3)

more options

I don't use data URIs, so this may be a dumb question: is Firefox processing your data URI differently than the way it would execute the same code in an onclick handler in the same link?

more options

I think it would be processing it the same way as onclick. The inconsistency here is, a _blank or a _new window implies a new context, but the Javascript runs in the same context that it came from. Is there a secure way to isolate the two windows? (one with the link, and one that just opened by clicking the link)

more options

選ばれた解決策

JavaScript allows some access between windows (e.g., using the window.opener property from the "child" window).

What is the attack you want to guard against?