Open Bug 110664 Opened 23 years ago Updated 2 years ago

Permission denied to get property NodeList.length

Categories

(Core :: Security: CAPS, defect)

Product:
Core
Component:
Security: CAPS
Platform:
x86
Linux
Type:
defect

Tracking

()

People

(Reporter: han.holl, Assigned: dveditz)

References

Details

Attachments

(1 file)

Copy to local hard disk as /util/domviewer.html
4.58 KB, text/html
Details 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.5+) Gecko/20011116
BuildID:    2001111608


I'm running a script from the hard disk with 
	netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserRead");
included. I try to traverse a document, and for the most part
succeed, but get errors om some properties:

Error: uncaught exception: Permission denied to get property NodeList.length
The same goes for  NamedNodeMap.length, HTMLCollection.length
HTMLDocument.enumerateProperties and CSSStyleDeclaration.length.

I'll try to create two attachments to reproduce, bit I didn't have much 
luck lately with bugzilla and attachments.

Reproducible: Always
Steps to Reproduce:
1.Copy attachment #1 [details] [diff] [review] to local hard disk (/util/domviewer.html)
2.Install attachment #2 [details] [diff] [review] as bookmarklet
3.Load any page from the web, select something an click Domviewer bookmark.
In domviewer window, try to expand things like [ object NodeList],
and look at the Javascript console

Actual Results:  Doesn't work, but throws exception

Expected Results:  Should expand the object.
One day, I'll have to find out why I cannot create attachments with
bugzilla. In the meantime: here is number 1: (cut and paste work, thank God).

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd"> 
<!-- ---------------------------------------------------- -->
<!-- DOM Viewer                                           -->
<!--                                                      -->
<!-- Copyright 2000, 2001 by Mike Hall                    -->
<!-- Please see http://www.brainjar.com for terms of use. -->
<!-- ---------------------------------------------------- -->
<html>
<head>
<title>Brainjar.com: DOM Viewer</title>
<link href="/common/default.css" rel="stylesheet" type="text/css">
<style type="text/css">

a.object {
  color: #0000ff;
}

li {
  white-space: nowrap;
}

ul {
  list-style-type: square;
  margin-left: 0px;
  padding-left: 1em;
}

</style>
<script type="text/javascript">

// Netscape 6 (or Mozilla)?

var isNS6 = (navigator.userAgent.indexOf("Gecko") > 0) ? 1 : 0;

// Array for tracking objects to expand or collapse.

var objectList = new Array();

function showProperties(obj, name) {

  var i, j, s;
  var propertyList, temp;
  var property, value;
  var lines;

  if (!name && obj && obj.id)
    name = obj.id;

  // Create a list of the object's properties sorted alphabetically by
  // name so they can be listed in order.

  propertyList = new Array;
  for (property in obj)
    propertyList[propertyList.length] = String(property);
  propertyList.sort();

  // Build a list of properties and values for this object as a string
  // in HTML format.

  s = "<ul>";

  for (i = 0; i < propertyList.length; i++) {
    property = String(propertyList[i]);
    try {
	  var o = obj[propertyList[i]];
      value = String(o);
    }
    catch (exception) {
      value = "<i>" + String(exception) + "</i>"
    }

    // If the object property is itself an object, create it as a link
    // so its properties can be expanded and collapsed.

    if (value.indexOf("[") == 0 && value.lastIndexOf("]") == value.length - 1) {
      objectList[objectList.length] = obj[propertyList[i]];
      value = makeLink(objectList.length - 1, name + "." + property, value);
    }

    // If the property text contains HTML, encode it for display.

    if (property == "innerHTML" || property == "outerHTML") {
      var lines = value.split("\n");
      value = "";
      for (j = 0; j < lines.length; j++) {
        lines[j] = lines[j].replace(/(.?)<(.?)/g, "$1&lt;$2");
        lines[j] = lines[j].replace(/(.?)>(.?)/g, "$1&gt;$2");
        value += lines[j];
      }
    }

    // Add the property/value string as an HTML list item.

    s += "<li>" + name + "." + property + " = " + value + "</li>";
  }

  // For Netscape, enumerate items in an array or collection.
  // Note: IE reflects individual item using the index number as
  // the property name so this is not necessary.

  if (isNS6 && obj.item) {
    for (j = 0; j < obj.length; j++) {
      objectList[objectList.length] = obj[j];
      temp = makeLink(objectList.length - 1, name + "[" + j + "]",
                      String(obj[j]));
      if (obj[j])
        s += "<li>" + name + "[" + j + "] " + temp + "</li>";
    }
  }

  // End the HTML list and return the string.

  s += "</ul>";

  return s;
}

function makeLink(i, name, text) {

  return '<a class="object" href="" onclick="'
       + 'if (!this.isExpanded)'
       + 'createList(this,objectList[' + i + '],\'' + name + '\');'
       + 'else destroyList(this);event.cancelBubble=true;return false;">'
       + text + '</a>';
}

function createList(target, obj, name) {

  var node;

  // Generate property list and append it to document after the current node.

  node = document.createElement("SPAN");
  node.innerHTML = showProperties(obj, name);
  target.parentNode.appendChild(node);
  target.isExpanded = true;
}

function destroyList(target) {

  // Remove a generated property list from the document.

  target.parentNode.removeChild(target.parentNode.lastChild);
  target.isExpanded = false;
}

</script>
</head>
<body>

<h3>DOM Viewer</h3>

<script language="javascript">

// Show properties for the specified object in the opening window. Default to
// the document if no object is specified.
if (isNS6) {
	netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserRead");
}


var DOMViewerObj  = window.opener.DOMViewerObj;
var DOMViewerName = window.opener.DOMViewerName;
if (!DOMViewerObj) {
  DOMViewerObj = window.opener.document;
  DOMViewerName = "document";
}

document.writeln(showProperties(DOMViewerObj, DOMViewerName));

</script>

</body>
</html>

Second attachment: this is pasted from my bookmarks.html.
I'm a bit uncertain about all the quoting that is going on:

I've broken lines that are too long with excaped linefeeds.

<DT><A HREF="javascript:aqaq=function(){\
DOMViewerObj=window.getSelection().focusNode.parentNode;\
DOMViewerName=DOMViewerObj.nodeName;\
var win=window.open('');win.location=%22file:///util/domviewer.html%22;\
};aqaq()" ADD_DATE="1006035528" LAST_MODIFIED="1006035769"
LAST_CHARSET="ISO-8859-1">Domviewer</A>

Past this in your bookmark.html, remove the escaped linefeeds, and you
should end up with a bookmarklet. Load any page from the Internet,
select something, click the domviewer bookmark, and try to expand any
NodeList, NamedNodeMap or other object I mentioned in my original
message.
Sorry for the somewhat complicated testcase, but I didn't knoe how to
simplify this.

file attachment is broken as of the Nov 15 evening builds. Using a build from
before that should be fine.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Old version of Mozilla now; thanks Boris
Assignee: security-bugs → dveditz
QA Contact: bsharma → caps
Depends on: 434522
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: