Closed
Bug 43327
Opened 24 years ago
Closed 24 years ago
history[0] is undefined when it shouldn't be
Categories
(Core :: DOM: Core & HTML, defect, P3)
Core
DOM: Core & HTML
Tracking
()
VERIFIED
FIXED
M18
People
(Reporter: czhang, Assigned: jst)
References
()
Details
(Whiteboard: [nsbeta3+][HAVE FIX])
Attachments
(3 files)
7.67 KB,
patch
|
Details | Diff | Splinter Review | |
18.97 KB,
patch
|
Details | Diff | Splinter Review | |
638 bytes,
patch
|
Details | Diff | Splinter Review |
load 6/20 build on NT go to the page in URL above, the code is ---------------------------------------------- <script> netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserRead"); document.write("<h1>"+history[0]+"</h1>"); </script> I assume that the page served from SSL server is signed, but javascript console says "uncaught exception: enableprivilege not granted". it is working fine with NS4.7
Comment 1•24 years ago
|
||
Signing a page and serving it from an SSL server are two different things. In 4.x, scripts could derive a signature from the server SSL certificate, not so in Seamonkey. I considered this feature, but there wasn't time and I'm told some people don't want it to be there. To use enablePrivilege, you must either sign your scripts with signtool (I'll show you how to do this, Cathy), or enable codebase principal support. SSL doesn't work for this purpose. Marking WONTFIX.
Status: NEW → RESOLVED
Closed: 24 years ago
Resolution: --- → WONTFIX
Summary: SSL server can't enableprivilege of the javascript, script is treated as unsigned → SSL server can't enableprivilege of the javascript, script is treated as unsigned
Reporter | ||
Comment 2•24 years ago
|
||
Mitch, I turned on signed_applets_codebase_prinple_support in all.js to be true, but it does not help, the variable is undefined, there is no error in javascript console though
Comment 3•24 years ago
|
||
Sorry, signed scripts and codebase principals have both regressed in the few weeks since I last dealt with them. Cathy, I'll let you know when they're fixed and we can work on testcases.
Reporter | ||
Comment 4•24 years ago
|
||
change the bug summary.
Status: RESOLVED → REOPENED
Resolution: WONTFIX → ---
Summary: SSL server can't enableprivilege of the javascript, script is treated as unsigned → signed scripts and codebase principals (turned on) should be able to enableprivilege of the javascript
Comment 5•24 years ago
|
||
Adding nsbeta2...I will fix this within a few days providing I can get jar:http URLs working. This is an important piece of security functionality which is broken right now.
Comment 6•24 years ago
|
||
Putting on [NEED INFO] radar. PDT needs to know impact to user and risk of fix to make a call on this bug. Will this break netcenter activation?
Whiteboard: [NEED INFO]
Comment 7•24 years ago
|
||
The problem here is not with the caps code, I think. Enabling other privileges using codebase principals works fine. For example, try http://warp/u/mstoltz/tests/pref.html , which contains the following code: --------------------------- <script> netscape.security.PrivilegeManager.enablePrivilege("UniversalPreferencesRead"); document.write("<h1>"+navigator.preference("browser.history.last_page_visited")+"</h1>"); </script> --------------------------- I believe the problem is specifically with the history object, as the security check on access to history returns success. Reassigning to DOM and changing summary. Try the URL in the URL field above for a demonstration of the history problem. Clearing nsbeta2 because I don't see this as a beta stopper. It's not a security problem.
Assignee: mstoltz → jst
Status: ASSIGNED → NEW
Component: Security: General → DOM Level 0
Keywords: nsbeta2
QA Contact: czhang → desale
Summary: signed scripts and codebase principals (turned on) should be able to enableprivilege of the javascript → history[0] is undefined when it shouldn't be
Whiteboard: [NEED INFO]
Johnny, Is it anyway linked to bug 21373 ? Currently, in the activation process we try to execute history.back() which may be trying to load history[0] (bugscape bug 1231). Nothing happens at that point. In bug 21373, Ihave explained the problem further. If you see any relation, please do take a look as it is one of the commonly used piece of code in activation scripts.
Assignee | ||
Comment 9•24 years ago
|
||
Radha, looks like this could be related to the session history history bugs you're working on, if not give this back to me.
Assignee: jst → radha
Comment 10•24 years ago
|
||
history.go(0) will now work. I'm not sure if that will give history[0]. Can someone verify this. I can't go to the url provided.
Comment 11•24 years ago
|
||
Tested it on today's Linux build, history[0] is still undefined.
Comment 12•24 years ago
|
||
jst, nisheeth, I don't know how the work we did for 18321 helps here. Can you throw some light here. Thanks,
Assignee | ||
Comment 13•24 years ago
|
||
Ok, I see the problem with history[0], the mozilla history object is not defined to be accessible as an array and that's why history[0] is always undefined. I don't know how frequently the history object is accessed as an array but it seems like something we should fix for beta3 for backwards compatibility (it's defined in the javascript docs that history is accessible as an array). I'm grabbing this bug off your list Radha, I hope you don't mind :) Eric, please advice on the severity of this, it's pretty simple to add, + or -?
Comment 14•24 years ago
|
||
DOM0 backward compatibility. Recommend nsbeta3+.
Comment 15•24 years ago
|
||
Marking nsbeta3+
Updated•24 years ago
|
Whiteboard: [nsbeta3+]
Assignee | ||
Comment 16•24 years ago
|
||
Assignee | ||
Updated•24 years ago
|
Status: NEW → ASSIGNED
Whiteboard: [nsbeta3+] → [nsbeta3+][HAVE FIX]
Target Milestone: M17 → M18
Assignee | ||
Comment 17•24 years ago
|
||
Turns out we also need to make a minor modification to the IDLC compiler to make it generate security checks around array access calls before this can be checked in...
Whiteboard: [nsbeta3+][HAVE FIX] → [nsbeta3+][HAVE PARTIAL FIX]
Assignee | ||
Comment 18•24 years ago
|
||
Assignee | ||
Comment 19•24 years ago
|
||
Ok, the last patch should fix this, review and checkin pending...
Whiteboard: [nsbeta3+][HAVE PARTIAL FIX] → [nsbeta3+][HAVE FIX]
Assignee | ||
Comment 20•24 years ago
|
||
Assignee | ||
Comment 21•24 years ago
|
||
Fix checked in, marking FIXED.
Status: ASSIGNED → RESOLVED
Closed: 24 years ago → 24 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•