Closed
Bug 33940
Opened 25 years ago
Closed 20 years ago
javascript: URLs blocked from accessing DOM of own page by security model
Categories
(Core Graveyard :: Security: UI, defect, P3)
Tracking
(Not tracked)
People
(Reporter: junruh, Assigned: security-bugs)
Details
(Whiteboard: [nsbeta2+])
1) Enter the above string into the location bar, or go to
https://junruh.mcom.com/mix.html and click on the navigator.usreAgent button.
What is expected: A popup showing the userAgent string.
What happens" A blank page opens up.
Commercial builds - Win32 and Linux.
Comment 2•25 years ago
|
||
I'm not quite back, but this surely isn't my bug (cuz I was away; and anyway it
sounds like a XPToolkit sort of bug). Peter, can you find an owner? Sorry if I
should have given it to gramps for further reassignment.
/be
Assignee: brendan → trudelle
Comment 3•25 years ago
|
||
reproduced in today's bits, reassigning to danm for triage.
Assignee: trudelle → danm
Comment 4•25 years ago
|
||
In Javascript Console you´ll find folling Message:
JavaScript Error: line 0, column 0: access disallowed from scripts at
javascript:alert(navigator.userAgent) to documents at another domain Source
line:
Comment 5•25 years ago
|
||
cc mstoltz. is this a js security problem? need more info on why this should be
a beta2 stopper.
Whiteboard: [NEED INFO]
Assignee | ||
Comment 6•25 years ago
|
||
Please see bugs 31818 and 28387, there's some discussion about this issue there.
Previously, javascript: URLs ran in the trust domain of the currently displayed
page. This may be insecure. As a temporary solution, Norris changed this behavior
so that javascript: URLs run in their own trust domain, and so do not have access
to the DOM of any page. This is probably not the best permanent solution. An
alternative is for javacript: urls to run with the privileges of the page from
which the url is loaded. This has turned out to be difficult to implement; I have
a partial solution but it doesn't yet handle every case. With some help from
someone who's familiar with webshell, I may be able to implement this solution.
I don't know whether this is a Beta2 stopper, as I don't know who is depending
on this use of javascript: URLs. If this is an important feature, then we should
talk about how to allow it without compromising security.
Status: NEW → ASSIGNED
Putting on [nsbeta2-] radar. Not critical to beta2.
Whiteboard: [NEED INFO] → [nsbeta2-]
Comment 8•25 years ago
|
||
Marking 4xp. Changing Summary from "javascript:alert(navigator.userAgent)
creates blank page" to "javascript: URLs blocked from accessing DOM of own page
by security model".
Assessment: Providing backward compatibility with DOM0 JS 1.1 code on the web is
a critical goal for the browser to be a viable product. javascript: URLs
are fairly widely used even by beginning JS programmers and are common in
the JS 1.1 code that's predominant on the web. Until we are executing the
JavaScript code in javascript: URLs on legacy web pages, we won't even be
detecting the other backward compatibility bugs we must have. We must fix this
for nsbeta2 if we are to have any hope of finding the other b.c. bugs that will
be exposed by executing the code in <A HREF="javascript: ..."> URLs in time to
fix them for FCS.
Clearing [nsbeta2-] to trigger re-evaluation. Recommend [nsbeta2+] stopper.
Keywords: 4xp
Summary: javascript:alert(navigator.userAgent) creates blank page → javascript: URLs blocked from accessing DOM of own page by security model
Whiteboard: [nsbeta2-]
Assignee | ||
Comment 9•25 years ago
|
||
Agreed. I will fix this ASAP. Reassigning to me.
Assignee: danm → mstoltz
Status: ASSIGNED → NEW
Assignee | ||
Comment 11•24 years ago
|
||
*** This bug has been marked as a duplicate of 31818 ***
Status: NEW → RESOLVED
Closed: 24 years ago
Resolution: --- → DUPLICATE
Reporter | ||
Comment 13•23 years ago
|
||
Mass changing Security:Crypto to PSM
Component: Security: Crypto → Client Library
Product: Browser → PSM
Target Milestone: M17 → ---
Version: other → 2.1
Reporter | ||
Comment 14•23 years ago
|
||
Mass changing Security:Crypto to PSM
Comment 15•20 years ago
|
||
*** This bug has been marked as a duplicate of 31818 ***
Status: REOPENED → RESOLVED
Closed: 24 years ago → 20 years ago
Resolution: --- → DUPLICATE
Updated•8 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•