Closed Bug 33940 Opened 25 years ago Closed 20 years ago

javascript: URLs blocked from accessing DOM of own page by security model

Categories

(Core Graveyard :: Security: UI, defect, P3)

1.0 Branch
All
Windows NT
defect

Tracking

(Not tracked)

VERIFIED DUPLICATE of bug 31818

People

(Reporter: junruh, Assigned: security-bugs)

Details

(Whiteboard: [nsbeta2+])

1) Enter the above string into the location bar, or go to https://junruh.mcom.com/mix.html and click on the navigator.userAgent button. What is expected: A popup showing the userAgent string. What happens: A blank page opens up. Commercial builds - Win32 and Linux.
isn't brendan back?
Assignee: dougt → brendan
I'm not quite back, but this surely isn't my bug (cuz I was away; and anyway it sounds like an XPToolkit sort of bug). Peter, can you find an owner? Sorry if I should have given it to gramps for further reassignment. /be
Assignee: brendan → trudelle
reproduced in today's bits, reassigning to danm for triage.
Assignee: trudelle → danm
In the JavaScript Console you'll find the following message: JavaScript Error: line 0, column 0: access disallowed from scripts at javascript:alert(navigator.userAgent) to documents at another domain Source line:
Target Milestone: --- → M17
Keywords: nsbeta2
cc mstoltz. is this a js security problem? need more info on why this should be a beta2 stopper.
Whiteboard: [NEED INFO]
Please see bugs 31818 and 28387, there's some discussion about this issue there. Previously, javascript: URLs ran in the trust domain of the currently displayed page. This may be insecure. As a temporary solution, Norris changed this behavior so that javascript: URLs run in their own trust domain, and so do not have access to the DOM of any page. This is probably not the best permanent solution. An alternative is for javascript: URLs to run with the privileges of the page from which the url is loaded. This has turned out to be difficult to implement; I have a partial solution but it doesn't yet handle every case. With some help from someone who's familiar with webshell, I may be able to implement this solution. I don't know whether this is a Beta2 stopper, as I don't know who is depending on this use of javascript: URLs. If this is an important feature, then we should talk about how to allow it without compromising security.
Status: NEW → ASSIGNED
Putting on [nsbeta2-] radar. Not critical to beta2.
Whiteboard: [NEED INFO] → [nsbeta2-]
Marking 4xp. Changing Summary from "javascript:alert(navigator.userAgent) creates blank page" to "javascript: URLs blocked from accessing DOM of own page by security model". Assessment: Providing backward compatibility with DOM0 JS 1.1 code on the web is a critical goal for the browser to be a viable product. javascript: URLs are fairly widely used even by beginning JS programmers and are common in the JS 1.1 code that's predominant on the web. Until we are executing the JavaScript code in javascript: URLs on legacy web pages, we won't even be detecting the other backward compatibility bugs we must have. We must fix this for nsbeta2 if we are to have any hope of finding the other b.c. bugs that will be exposed by executing the code in <A HREF="javascript: ..."> URLs in time to fix them for FCS. Clearing [nsbeta2-] to trigger re-evaluation. Recommend [nsbeta2+] stopper.
Keywords: 4xp
Summary: javascript:alert(navigator.userAgent) creates blank page → javascript: URLs blocked from accessing DOM of own page by security model
Whiteboard: [nsbeta2-]
Agreed. I will fix this ASAP. Reassigning to me.
Assignee: danm → mstoltz
Status: ASSIGNED → NEW
Putting on [nsbeta2+] radar for beta2 fix.
Whiteboard: [nsbeta2+]
*** This bug has been marked as a duplicate of 31818 ***
Status: NEW → RESOLVED
Closed: 24 years ago
Resolution: --- → DUPLICATE
Verified.
Status: RESOLVED → VERIFIED
Mass changing Security:Crypto to PSM
Component: Security: Crypto → Client Library
Product: Browser → PSM
Target Milestone: M17 → ---
Version: other → 2.1
Mass changing Security:Crypto to PSM
Product: PSM → Core
Status: VERIFIED → REOPENED
Resolution: DUPLICATE → ---
*** This bug has been marked as a duplicate of 31818 ***
Status: REOPENED → RESOLVED
Closed: 24 years ago → 20 years ago
Resolution: --- → DUPLICATE
V/dupe. Accidental reopen.
Status: RESOLVED → VERIFIED
Version: psm2.1 → 1.0 Branch
Product: Core → Core Graveyard
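
The three trust-domain policies described in the comment above that points to bugs 31818 and 28387, as a simplified model showing which of them let a javascript: URL reach the displayed page's DOM. This is an added example, not part of the bug report and not Mozilla code; the policy names, function names and the a.example / b.example navigations are constructed, and giving a location-bar URL the displayed page's privileges under the "loading-page" policy is an assumption.

```javascript
// Simplified model of the javascript: URL trust-domain policies discussed in
// this bug. Constructed for illustration; not Mozilla code.
const OWN_DOMAIN = "javascript:(own trust domain)";

// Trust domain of a page, modelled here as scheme://host[:port].
function domainOf(pageUrl) {
  return new URL(pageUrl).origin;
}

// Which trust domain does the script in a javascript: URL run in?
//   nav.displayed - URL of the page currently shown in the target window
//   nav.loader    - URL of the page the javascript: URL was loaded from,
//                   or null when it was typed into the location bar
function trustDomain(policy, nav) {
  switch (policy) {
    case "displayed-page": // previous behaviour
      return domainOf(nav.displayed);
    case "own-domain":     // temporary change
      return OWN_DOMAIN;
    case "loading-page":   // proposed alternative
      // Assumption: a typed URL gets the displayed page's privileges.
      return domainOf(nav.loader === null ? nav.displayed : nav.loader);
    default:
      throw new Error("unknown policy: " + policy);
  }
}

// Same-domain check applied when the script touches the displayed page's DOM.
function canAccessDom(policy, nav) {
  return trustDomain(policy, nav) === domainOf(nav.displayed);
}

// Constructed navigations. The first is the report: the button on mix.html.
const button = { displayed: "https://junruh.mcom.com/mix.html",
                 loader: "https://junruh.mcom.com/mix.html" };
const typed = { displayed: "https://junruh.mcom.com/mix.html", loader: null };
const crossSite = { displayed: "https://b.example/account.html",
                    loader: "https://a.example/links.html" };

function report() {
  const rows = [];
  for (const policy of ["displayed-page", "own-domain", "loading-page"]) {
    rows.push({ policy, button: canAccessDom(policy, button),
      typed: canAccessDom(policy, typed), crossSite: canAccessDom(policy, crossSite) });
  }
  return rows;
}

console.table(report());
```

Under "own-domain" every row is denied, which is the behaviour this bug reports; "loading-page" restores the same-page cases while still denying the navigation whose loading page and displayed page are in different domains.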