Open Bug 110664 Opened 23 years ago Updated 2 years ago

Permission denied to get property NodeList.length

Categories

(Core :: Security: CAPS, defect)

Product:
Core
Component:
Security: CAPS
Platform:
x86
Linux
Type:
defect

Tracking

()

People

(Reporter: han.holl, Assigned: dveditz)

References

Details

Attachments

(1 file)

Copy to local hard disk as /util/domviewer.html
4.58 KB, text/html
Details
From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.5+) Gecko/20011116 BuildID: 2001111608 I'm running a script from the hard disk with netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserRead"); included. I try to traverse a document, and for the most part succeed, but get errors om some properties: Error: uncaught exception: Permission denied to get property NodeList.length The same goes for NamedNodeMap.length, HTMLCollection.length HTMLDocument.enumerateProperties and CSSStyleDeclaration.length. I'll try to create two attachments to reproduce, bit I didn't have much luck lately with bugzilla and attachments. Reproducible: Always Steps to Reproduce: 1.Copy attachment #1 [details] [diff] [review] to local hard disk (/util/domviewer.html) 2.Install attachment #2 [details] [diff] [review] as bookmarklet 3.Load any page from the web, select something an click Domviewer bookmark. In domviewer window, try to expand things like [ object NodeList], and look at the Javascript console Actual Results: Doesn't work, but throws exception Expected Results: Should expand the object.
One day, I'll have to find out why I cannot create attachments with bugzilla. In the meantime: here is number 1: (cut and paste work, thank God). <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <!-- ---------------------------------------------------- --> <!-- DOM Viewer --> <!-- --> <!-- Copyright 2000, 2001 by Mike Hall --> <!-- Please see http://www.brainjar.com for terms of use. --> <!-- ---------------------------------------------------- --> <html> <head> <title>Brainjar.com: DOM Viewer</title> <link href="/common/default.css" rel="stylesheet" type="text/css"> <style type="text/css"> a.object { color: #0000ff; } li { white-space: nowrap; } ul { list-style-type: square; margin-left: 0px; padding-left: 1em; } </style> <script type="text/javascript"> // Netscape 6 (or Mozilla)? var isNS6 = (navigator.userAgent.indexOf("Gecko") > 0) ? 1 : 0; // Array for tracking objects to expand or collapse. var objectList = new Array(); function showProperties(obj, name) { var i, j, s; var propertyList, temp; var property, value; var lines; if (!name && obj && obj.id) name = obj.id; // Create a list of the object's properties sorted alphabetically by // name so they can be listed in order. propertyList = new Array; for (property in obj) propertyList[propertyList.length] = String(property); propertyList.sort(); // Build a list of properties and values for this object as a string // in HTML format. s = "<ul>"; for (i = 0; i < propertyList.length; i++) { property = String(propertyList[i]); try { var o = obj[propertyList[i]]; value = String(o); } catch (exception) { value = "<i>" + String(exception) + "</i>" } // If the object property is itself an object, create it as a link // so its properties can be expanded and collapsed. if (value.indexOf("[") == 0 && value.lastIndexOf("]") == value.length - 1) { objectList[objectList.length] = obj[propertyList[i]]; value = makeLink(objectList.length - 1, name + "." + property, value); } // If the property text contains HTML, encode it for display. if (property == "innerHTML" || property == "outerHTML") { var lines = value.split("\n"); value = ""; for (j = 0; j < lines.length; j++) { lines[j] = lines[j].replace(/(.?)<(.?)/g, "$1&lt;$2"); lines[j] = lines[j].replace(/(.?)>(.?)/g, "$1&gt;$2"); value += lines[j]; } } // Add the property/value string as an HTML list item. s += "<li>" + name + "." + property + " = " + value + "</li>"; } // For Netscape, enumerate items in an array or collection. // Note: IE reflects individual item using the index number as // the property name so this is not necessary. if (isNS6 && obj.item) { for (j = 0; j < obj.length; j++) { objectList[objectList.length] = obj[j]; temp = makeLink(objectList.length - 1, name + "[" + j + "]", String(obj[j])); if (obj[j]) s += "<li>" + name + "[" + j + "] " + temp + "</li>"; } } // End the HTML list and return the string. s += "</ul>"; return s; } function makeLink(i, name, text) { return '<a class="object" href="" onclick="' + 'if (!this.isExpanded)' + 'createList(this,objectList[' + i + '],\'' + name + '\');' + 'else destroyList(this);event.cancelBubble=true;return false;">' + text + '</a>'; } function createList(target, obj, name) { var node; // Generate property list and append it to document after the current node. node = document.createElement("SPAN"); node.innerHTML = showProperties(obj, name); target.parentNode.appendChild(node); target.isExpanded = true; } function destroyList(target) { // Remove a generated property list from the document. target.parentNode.removeChild(target.parentNode.lastChild); target.isExpanded = false; } </script> </head> <body> <h3>DOM Viewer</h3> <script language="javascript"> // Show properties for the specified object in the opening window. Default to // the document if no object is specified. if (isNS6) { netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserRead"); } var DOMViewerObj = window.opener.DOMViewerObj; var DOMViewerName = window.opener.DOMViewerName; if (!DOMViewerObj) { DOMViewerObj = window.opener.document; DOMViewerName = "document"; } document.writeln(showProperties(DOMViewerObj, DOMViewerName)); </script> </body> </html>
Second attachment: this is pasted from my bookmarks.html. I'm a bit uncertain about all the quoting that is going on: I've broken lines that are too long with excaped linefeeds. <DT><A HREF="javascript:aqaq=function(){\ DOMViewerObj=window.getSelection().focusNode.parentNode;\ DOMViewerName=DOMViewerObj.nodeName;\ var win=window.open('');win.location=%22file:///util/domviewer.html%22;\ };aqaq()" ADD_DATE="1006035528" LAST_MODIFIED="1006035769" LAST_CHARSET="ISO-8859-1">Domviewer</A> Past this in your bookmark.html, remove the escaped linefeeds, and you should end up with a bookmarklet. Load any page from the Internet, select something, click the domviewer bookmark, and try to expand any NodeList, NamedNodeMap or other object I mentioned in my original message. Sorry for the somewhat complicated testcase, but I didn't knoe how to simplify this.
file attachment is broken as of the Nov 15 evening builds. Using a build from before that should be fine.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Old version of Mozilla now; thanks Boris
Assignee: security-bugs → dveditz
QA Contact: bsharma → caps
Depends on: 434522
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: