Carefully timed redirects can allow cross site scripting – Opera Security Advisories




Scripts on a page are supposed to be restricted so that they can only interact with other pages from the same domain and security context. Carefully timed redirects can cause scripts to execute in the wrong security context in Opera. This allows cross site scripting (XSS).

Opera’s response

Opera Software has released Opera 11, where this issue has been fixed.