Closed
Bug 41919
Opened 24 years ago
Closed 24 years ago
4xp Javascript in location bar and bookmarks cannot access current page
Categories
(Core :: DOM: Core & HTML, defect, P3)
Tracking
()
People
(Reporter: tpowellmoz, Assigned: security-bugs)
References
()
Details
From Bugzilla Helper: User-Agent: Mozilla/4.61 [en] (WinNT; I) BuildID: 2000060608 Typing a javascript url into the location bar or accessing a bookmark containing a javascript url (often called a bookmarklet) cannot act on the currently loaded html document page. Reproducible: Always Steps to Reproduce: 1. Load a page with a form and javascript functions defined. 2. Try to access the form or call the functions by typing a javascript url in the location bar or accessing a javascript bookmark. Actual Results: This generates an empty JavaScript error: XUL/Content JavaScript: JavaScript Error: line 0, column 0: Source line: It is common for bookmarklets to act on and change known form elements in a page. Some editors of the Open Directory Project (dmoz.org) use them extensively. It is also common to type javascript:alert urls to check values on a loaded page for debugging. Sometimes it is useful to type things like javascript:myFunction() in the location bar to call the myFunction function defined on the current page. These javascript urls work in Netscape 4.x and IE. I don't believe it is a security issue for the local machine to have access to any document through javascript urls or bookmarks. And it seems like pages in the same domain should also have such access (I think this was common in 4.x.) so you could do something like javascript:opener.setMyValues(). There need to be security restrictions between secure and insecure pages. A bug like this for secure pages is 33940. Bugs with bookmarklets not functioning (and different types of errors) are 33224 and 30544.
Comment 1•24 years ago
|
||
The supplied URL does work if you click on the "URL:" link next to the URL field above, but if you copy the javascript: url into the URL bar you get the reported error. This is most likely due to the security problems with javascript url's, confirming and reassigning to mstoltz for investigation.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Assignee | ||
Comment 3•24 years ago
|
||
All right, this bug has been filed about six times. I'm working on a fix right now. *** This bug has been marked as a duplicate of 31818 ***
Status: NEW → RESOLVED
Closed: 24 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•