Probable security leak in v.10. called "Aurora".
See screenshot Then one logged in to Google sites account, and then opens http://genuslupae.co.nr/ which is third-party framed re-director to my own Google site, Aurora mixes http top frame with https child frame with private Google logged user data, at least e-mail address. security.warn_viewing_mixed is set to true. MSIE 8 do not warns me also, but it shows HTTP, not HTTPS, as properly asked by my top frame:
<frameset rows="100%,*" frameborder="NO" border="0" framespacing="0"> <frame name="conr_main_frame" src="http://sites.google.com/site/repertiziani/"> </frameset>
由 genuslupae 於
被選擇的解決方法
NO WAY!
While one (top frame owner) tries to access they "own" frames collection via javaScript located in the header section or in the event call string, it will be stopped just after window.frames[0]!
[20:29:53.186] Error: Permission denied to access property 'document'
love Aurora
從原來的回覆中察看解決方案 👍 0所有回覆 (2)
O.K., You had The Chance, guys.
選擇的解決方法
NO WAY!
While one (top frame owner) tries to access they "own" frames collection via javaScript located in the header section or in the event call string, it will be stopped just after window.frames[0]!
[20:29:53.186] Error: Permission denied to access property 'document'
love Aurora