Bug 477201: "Error: Permission denied to get property Window.document" using local file:///SomeFile.html and window.open()

Status: RESOLVED INVALID (opened 15 years ago, closed 15 years ago)
Categories: Firefox :: Security, defect
People: Reporter: trindflo, Unassigned
Attachments: 1 file (1.64 KB, text/html)
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.5) Gecko/2008121622 Ubuntu/8.04 (hardy) Firefox/3.0.5
Build Identifier: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.5) Gecko/2008121622 Ubuntu/8.04 (hardy) Firefox/3.0.5

If document.domain is the empty string, window.document will fail for windows created using window.open(). This is not an issue if the file is read through a local server (i.e. http://127.0.0.1/...). It is only an issue when the html is read as a file (i.e. file:///...). This occurs on Windows and Linux machines. Tested in Firefox 3.0.6 (1.9.0.6)

Reproducible: Always

Steps to Reproduce:
1. Place rcjs-fails.html file on local disk
2. Load rcjs-fails.html file with File->Open
3. Click on link

Actual Results:
Error Console displays:
Error: Permission denied to get property Window.document
Source File: file:///home/XXX/XXX/rcjs-fails.html
Line: 15
Javascript function fails

Expected Results:
new windows should close. Original window should display links found.
Comment 1 • 15 years ago (Reporter)
Blocks https://bugzilla.mozilla.org/show_bug.cgi?id=397828
Comment 2 • 15 years ago
Er... Isn't the issue that you're trying to read a directory that's an ancestor of the file in question? That's not allowed by security policy in Firefox 3, and doesn't seem to be related to bug 397828 to me.
Comment 3 • 15 years ago
And in particular, if I back out bug 397828 then the script can get the document fine but throws on trying to get document.links, as expected:

JavaScript error: file:///Users/bzbarsky/test/test.html, line 15: Permission denied for <file://> to get property HTMLDocument.links from <file://>.

See also bug 230606.
Comment 4 • 15 years ago (Reporter)
Thank you for your time, and for the link. I was attempting to do something which is forbidden with very good cause by default in Firefox 3, and only after a lot of discussion. My desire was to enumerate images for display without hard-coding the names of each file in html, and this same mechanism could be used to access other information on the hard drive (the Firefox security policies for instance). The mechanism can still be useful, just not for files on the local hard drive. Bypassing this security feature through security.fileuri.strict_origin_policy for local html testing works, and it is understandably not recommended.
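
The directory rule referred to in Comment 2, as an added example that is not part of the bug thread and is not Firefox code: a simplified model of the file: URI check, assuming that with security.fileuri.strict_origin_policy enabled a file may read a target only when the source file's parent directory is an ancestor of the target, and that directories themselves are never readable this way. The function names and sample paths are hypothetical, and a trailing slash is assumed to mark a directory.

```javascript
// Simplified model of the Firefox 3 file: URI rule discussed in this bug.
// Assumption: with security.fileuri.strict_origin_policy enabled, a file may
// read a target only if the source file's parent directory is an ancestor of
// the target, and directories themselves are never readable this way.
// Hypothetical helper names; this is not Firefox source code.

function parentDir(pathname) {
  // "/home/user/site/gallery.html" -> "/home/user/site/"
  return pathname.slice(0, pathname.lastIndexOf("/") + 1);
}

function fileUriMayRead(sourceUri, targetUri) {
  const source = new URL(sourceUri);
  const target = new URL(targetUri); // URL parsing also collapses "../" segments
  if (source.protocol !== "file:" || target.protocol !== "file:") {
    return { allowed: false, reason: "not a file: URI pair" };
  }
  if (target.pathname.endsWith("/")) {
    return { allowed: false, reason: "target is a directory" };
  }
  const base = parentDir(source.pathname);
  // base ends with "/", so "/home/user/site/" never matches "/home/user/site2/x"
  if (!target.pathname.startsWith(base)) {
    return { allowed: false, reason: "target is outside the source directory" };
  }
  return { allowed: true, reason: "same directory or descendant" };
}

// Constructed sample paths (not taken from the bug attachment).
const SOURCE = "file:///home/user/site/gallery.html";
const CASES = [
  "file:///home/user/site/popup.html",            // sibling file
  "file:///home/user/site/img/a.png",             // descendant
  "file:///home/user/site/img/",                  // directory listing
  "file:///home/user/",                           // ancestor directory
  "file:///home/user/site/../private/notes.txt",  // "../" escape
  "file:///home/user/site2/popup.html",           // prefix look-alike
];

function evaluateCases() {
  return CASES.map((t) => ({ target: t, ...fileUriMayRead(SOURCE, t) }));
}

for (const r of evaluateCases()) {
  console.log(r.allowed ? "ALLOW" : "DENY ", r.target, "-", r.reason);
}
```

The model compares paths as strings after URL normalization, so it ignores percent-encoding variants, symlinks and case-insensitive file systems.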