IE/Edge Worker Base Href and importScripts SOP Bypass

Both Microsoft IE and Edge allow the attacker to quickly bypass SOP restrictions on Workers either by setting a BASE HREF to the desired domain, or by doing a bold importScript(URL) from within the worker. Scripts and errors can be leaked (and other members abused) as shown below.

Same Origin Policy -

JavaScript with ><script src="..."></script>

Error messages for syntax errors are only available for same-origin scripts


Note: if the ImportError version fails the first time, retry please.

Detailed Explanation of the bug: Workers SOP Bypass

Questions? Ping me on Twitter @magicmac2000

Special thanks to Gareth Heyes for helping me make this PoC clearer.