Rich editing allows cross domain scripting – Opera Security Advisories

Problem Description

Rich editing using designMode allows page contents to be edited. Pages can use this ability to inject scripts into pages from other domains. This allows cross domain scripting.

Opera’s Response

Opera Software has released Opera 9.25, where this issue has been fixed.

Credits

Thanks to David Bloom for reporting this issue to Opera Software.