Closed Bug 1005806 Opened 6 years ago Closed 6 years ago

Iterating <input> properties throws a security Error because HTMLInputElement.controllers is not chromeonly

Categories

(Core :: DOM: Core & HTML, defect)

29 Branch
defect
Not set

Tracking

()

VERIFIED FIXED
mozilla32
Tracking Status
firefox29 --- wontfix
firefox30 --- verified
firefox31 --- verified
firefox32 --- verified
b2g-v1.4 --- fixed
b2g-v2.0 --- fixed

People

(Reporter: thor, Assigned: bholley)

References

Details

Attachments

(1 file)

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36

Steps to reproduce:

Iterating the properties on an <input> element throws a security Error when accessing the "controllers" property.

This is a recent change in Firefox 29, and I suspect it is a side-effect caused by https://bugzilla.mozilla.org/show_bug.cgi?id=794943




Actual results:

> var input = document.createElement("input");
> typeof input.controllers;

Error: Permission denied for <https://www.google.com> to create wrapper for object of class XULControllers


Expected results:

> var input = document.createElement("input");
> typeof input.controllers

"object" or "undefined"
OS: Mac OS X → All
Hardware: x86 → All
Note that the behavior in Firefox 28 was for typeof to return "object".

However, controllers is not defined on HTMLInputElement.

https://developer.mozilla.org/en/docs/Web/API/HTMLInputElement

It is however defined in XUL

https://developer.mozilla.org/en-US/docs/Mozilla/Tech/XUL/Property/controllers

Part 3 of the patch in bug 94943 makes the controllers property [ChromeOnly], in which case I would expect it to not be exposed at all to webpages and typeof to return "undefined".
> Part 3 of the patch in bug 94943

I assume you mean bug 794943?

That was for Window.controllers, not HTMLInputElement.controllers.

Bobby, is there a reason the latter is not chromeonly?
Blocks: 794943
Status: UNCONFIRMED → NEW
Ever confirmed: true
Flags: needinfo?(bobbyholley)
Summary: Iterating <input> properties throws a security Error → Iterating <input> properties throws a security Error because HTMLInputElement.controllers is not chromeonly
(In reply to Boris Zbarsky [:bz] from comment #2)
> Bobby, is there a reason the latter is not chromeonly?

Not that I know of. Patch coming up.
Flags: needinfo?(bobbyholley)
Comment on attachment 8417445 [details] [diff] [review]
HTMLInputElement.controllers should be [ChromeOnly]. v1

r=me.  We should probably get this backported to aurora/beta too.
Attachment #8417445 - Flags: review?(bzbarsky) → review+
This is a web-visible regression with a simple fix. We should track for branches.

https://tbpl.mozilla.org/?tree=Try&rev=c4e0ccd1fda9
Assignee: nobody → bobbyholley
Comment on attachment 8417445 [details] [diff] [review]
HTMLInputElement.controllers should be [ChromeOnly]. v1

[Approval Request Comment]
Bug caused by (feature/regressing bug #): bug 794943
User impact if declined: weird gecko-specific exception thrown when iterating properties.
Testing completed (on m-c, etc.): Haven't pushed to m-i because it's closed. Will soon.
Risk to taking this patch (and alternatives if risky): Very low risk. 
String or IDL/UUID changes made by this patch: None
Attachment #8417445 - Flags: approval-mozilla-beta?
Attachment #8417445 - Flags: approval-mozilla-aurora?
https://hg.mozilla.org/mozilla-central/rev/a4e798884d04
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla32
Yes I meant bug 794943, that was a typo on my part.

Thank you for the quick acknowledgement and turnaround.
Thor, thank you for reporting the issue, and pinpointing what the problem is!
Attachment #8417445 - Flags: approval-mozilla-beta?
Attachment #8417445 - Flags: approval-mozilla-beta+
Attachment #8417445 - Flags: approval-mozilla-aurora?
Attachment #8417445 - Flags: approval-mozilla-aurora+
Keywords: verifyme
Reproduced the initial issue using old Nightly (2014-04-30) on Windows 7 64bit, verified as fixed using Firefox 30 beta 3, latest Aurora and latest Nightly on Windows 7 64bit, Mac OS X 10.9.2 and Ubuntu 13.10 32bit.
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.