-
Notifications
You must be signed in to change notification settings - Fork 170
Open
Labels
Description
https://research.securitum.com/xss-in-amp4email-dom-clobbering/ is a good example of the kinds of attacks enabled by the somewhat unexpected mapping of elements into the global namespace via the namedItem()
getter on Window
:
- https://html.spec.whatwg.org/#dom-window-nameditem
- https://html.spec.whatwg.org/#naming-form-controls:-the-name-attribute
We can't turn this off by default, as ~8% of pages depend on it in one way or another in Chrome's dataset, but it would be lovely if we could disable this footgun via (something like?) FP.
StommePoes, ivan, derflocki, nicolashenry, arturjanc and 8 moreCetinSertCetinSert