Closed Bug 12957 Opened 25 years ago Closed 25 years ago

Setting cookie in www.netscape.com would get security error

Categories

(Core :: DOM: Core & HTML, defect, P3)

Product:
Core
Component:
DOM: Core & HTML
Platform:
x86
Windows NT
Type:
defect

Tracking

()

Status:
VERIFIED FIXED

People

(Reporter: norrisboyd, Assigned: norrisboyd)

References

(
URL
)

Details

(Whiteboard: Either joki or vidur could help) 

Change mozilla/modules/libpref/src/win/winprefs.js so that security is enabled
by changing the line
/* DISABLE FOR NOW
to
///* DISABLE FOR NOW
and similarly for the comment close. Rebuild so the changed file is copied to
dist.

Start apprunner. Place a breakpoint on the line
    if (NS_FAILED(globalData->GetPrincipal(result))) {
in method
    nsScriptSecurityManager::GetObjectPrincipal
in file mozilla/caps/src/nsScriptSecurityManager.cpp.

Load http://www.netscape.com. You should hit the breakpoint. Continue until you
see SetHTMLDocumentProperty in the call stack.

Examine
{,,NECKO.DLL}*(nsStdURL*){,,RDF.DLL}(((*(XULDocumentImpl*){,,JSDOM.DLL}((*(Globa
lWindowImpl*){*}((globalData).mRawPtr)).mDocument)).mDocumentURL).mRawPtr)

You'll see that the document's url is the navigator.xul file. This causes a
security error because it looks like a script from www.netscape.com is trying to
modify an object in chrome.
Blocks: 7254
No longer blocks: 7254
Target Milestone: M11
Marking M11 since needed for beta.
This bug is likely related to 13192, which is a small test case.
Blocks: 7254
Whiteboard: Either joki or vidur could help
Assignee: joki → norris
Status: NEW → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
Vidur's changes to fix document parenting have fixed this problem.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.