> Demonstration: > ============== > > A fully dynamic proof-of-concept demonstration > of this issue is available at > http://security.greymagic.com/adv/gm001-ns/. As some of you may have noticed, the above proof-of-concept does not work in Mozilla 1.0 Release Candidate 1. Don't get your hopes high about this though, the issue has not been fixed in moz1rc1 - the XMLHttpRequest was simply broken in this version of the browser for unknown reasons, a fact not mentioned in the release notes. When trying to use it, either nothing happens or the browser crashes. The proof-of-concept works just fine in Mozilla 0.9.9 (and NS6.1+), and would work fine in moz1rc1 if the XMLHttpRequest object could be used at all. The Mozilla XML-Extras project also includes a document.load method that is used to load XML documents. The same issue applies to this method, and a proof-of-concept demonstration that also works in moz1rc1 can be found at http://jscript.dk/2002/4/NS6Tests/documentload.html Regards Thor Larholm Jubii A/S - Internet Programmer
This archive was generated by hypermail 2b30 : Tue Apr 30 2002 - 14:04:11 PDT