es-lab icon indicating copy to clipboard operation
es-lab copied to clipboard
verified publisher icon tvcutsem

window.frames === window

Open GoogleCodeExporter opened this issue 11 years ago • 0 comments 

On major browsers (tested on FF5, Chrome 11 and Opera 11.11), window.frames === 
window. This could be a way for a script writer to access the global object 
without having been invited to.
For instance, in:
-----
(function(){
  return ({}).toString.call(frames);
})();
-----
The "frames" identifier resolves into the global object.
Return value is "[Object Window]"

Original issue reported on code.google.com by [email protected] on 25 Jun 2011 at 12:17

GoogleCodeExporter avatar Mar 16 '15 20:03 GoogleCodeExporter