Closed
Bug 141442
Opened 23 years ago
Closed 22 years ago
window.openDialog not redefineable by script
Categories
(Core :: DOM: Core & HTML, defect)
Core
DOM: Core & HTML
Tracking
()
VERIFIED
FIXED
mozilla1.0
People
(Reporter: zidek, Assigned: jst)
References
()
Details
(Whiteboard: [FIXED ON TRUNK][ADT RTM],custrtm-)
Attachments
(1 file, 2 obsolete files)
|
10.56 KB,
patch
|
security-bugs
:
review+
jband_mozilla
:
superreview+
endico
:
approval+
|
Details | Diff | Splinter Review |
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.0+)
Gecko/20020430
BuildID: 2002043010
Links with javascript: URL scheme don't work . Eg. <a
HREF="javascript:openDialog('img','viewimage.php?img=4051')">. Function will not
run after click. I have everything enabled in mozzila (popups). Maybe error is
in function openDialog. In NN4.7/IE it works.
Reproducible: Always
Steps to Reproduce:
1. go to
http://news.auto.cz/cgi-bin/main.phtml?rubrika=6&id=277&stamp=1020253666&kam=detail
2. click on small thumbnail images at the bottom of the page
Actual Results: Nothnig ...
Expected Results: Window with large image should popup.
They have small function
----SNIP----
<script language="JavaScript">
function openDialog(hwnd,url)
{
var
v=window.open(url,hwnd,'width=450,height=400,menubar=0,status=0,scrollbars=1,resizable=1');
v.focus();
}
</script>
---SNIP---
and call thi function from HREF link
---SNIP---
<a HREF="javascript:openDialog('img','viewimage.php?img=4051')"></a>
---SNIP----
|
||
Comment 1•23 years ago
|
||
Confirm with Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.0rc1) Gecko/20020425
No reaction if I click on any of the 16 tumbnail-car-pictures
Javascript console tells for tumbnail left/top:
Error: uncaught exception: [Exception... "Component returned failure code:
0x80004005 (NS_ERROR_FAILURE) [nsIDOMJSWindow.openDialog]" nsresult:
"0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: javascript:
javascript:openDialog('img','viewimage.php?img=4031') :: <TOP_LEVEL> :: line 1"
data: no]
Javascript-links work fine with NN4.73, OPERA6, IE6
|
||
Comment 2•23 years ago
|
||
Browser, not engine ---> DOM Level 0
Assignee: rogerl → jst
Component: JavaScript Engine → DOM Level 0
QA Contact: pschwartau → desale
|
|
||
Comment 3•23 years ago
|
||
I think Martin and Rainer have found the problem: openDialog()
is a pre-existing function in the DOM. Therefore it's not good
for the developers to define a function called "openDialog".
To see that openDialog() already exists, just do this.
Load about:blank in Mozilla. Then try these javascript: URLs
javascript: alert('openDialog' in window) ---> true
javascript: alert(typeof openDialog) ---> 'function'
javascript: alert(openDialog) ---> function openDialog(){
[native code]
}
Now load the site for this bug. Now you get
javascript: alert(openDialog) ---> undefined
But I will let jst make the final decision here -Status: UNCONFIRMED → NEW
Ever confirmed: true
|
|
||
Comment 4•23 years ago
|
||
Note Rainer's finding: the site works fine with NN4.73, OPERA6, IE6. Which I can confirm for NN4.73 and IE6...
|
Assignee | |
Comment 5•23 years ago
|
||
This was caused by bug 56009 where window.openDialog was made noAccess, that's not a good idea since that makes it impossible to redefine openDialog in web pages. The patch I'm about to attach makes window.openDialog redefineable from script and it makes sure that calls that don't come from chrome can't call through the native openDialog() method. Cc'ing a bunch of security people...
Status: NEW → ASSIGNED
OS: Windows XP → All
Hardware: PC → All
Summary: Links with javascript: URL scheme don't work → window.openDialog not redefineable by script
Whiteboard: [HAVE FIX]
Target Milestone: --- → mozilla1.0
|
|
Assignee | |
Comment 6•23 years ago
|
||
|
||
Comment 7•23 years ago
|
||
jst, in my opinion the right fix for this bug is to move OpenDialog() to nsIDOMChromeWindow
|
|
Assignee | |
Comment 8•23 years ago
|
||
Yeah, that'd be one way to fix this, but I'm not convinced that there's no code in our XUL/XBL that relies on openDialog() being available on non-chrome windows. If we're sure that's the case, then I'm fine with moving the method to nsIDOMChromeWindow. Either way, the current code is broken, either of the two proposals would solve the problem reported in this bug, one is more riskier than the other (i.e. the patch is IMO as safe as it could be, moving openDialog to nsIDOMChromeWindow could cause problems).
|
Reporter | |
Comment 9•23 years ago
|
||
That's great how fast you response ! I'm really impressed ! Keep doing good job !
|
||
Comment 10•23 years ago
|
||
Comment on attachment 81856 [details] [diff] [review] Let scripts redefine window.openDialog() Yes, this looks safe to me. It has the added benefit of making the protection for the native openDialog method hard-coded, so that prefs problems won't reopen the original bug ( bug 56009). r=mstoltz.
Attachment #81856 -
Flags: review+
|
|
||
Comment 11•23 years ago
|
||
*** Bug 127480 has been marked as a duplicate of this bug. ***
|
||
Comment 12•23 years ago
|
||
*** Bug 130604 has been marked as a duplicate of this bug. ***
|
|
||
Comment 13•23 years ago
|
||
*** Bug 132668 has been marked as a duplicate of this bug. ***
|
|
||
Comment 14•23 years ago
|
||
*** Bug 134764 has been marked as a duplicate of this bug. ***
|
|
Assignee | |
Comment 15•23 years ago
|
||
Comment on attachment 81856 [details] [diff] [review] Let scripts redefine window.openDialog() Hmm, jband pointed out that this would not properly detect when a call comes from chrome and goes through content code that calls window.openDialog(), IOW this would've made window.openDialog() callable from content code. New patch coming up.
Attachment #81856 -
Flags: needs-work+
|
|
Assignee | |
Comment 16•23 years ago
|
||
This uses the security manager to properly detect if a call is coming from chrome or not. r=/sr=?
|
||
Updated•22 years ago
|
|
|
Assignee | |
Comment 17•22 years ago
|
||
Attachment #81856 -
Attachment is obsolete: true
Attachment #82261 -
Attachment is obsolete: true
|
||
Comment 18•22 years ago
|
||
Comment on attachment 83982 [details] [diff] [review] Make IsCallerChrome() secure and let scripts override openDialog() sr=jband. With the removal of the one unnecessary rv check we discussed. I trust you made sure the secman is not leaked. If Mitch says that this does the right thing then I'm happy.
Attachment #83982 -
Flags: superreview+
|
|
||
Comment 19•22 years ago
|
||
Comment on attachment 83982 [details] [diff] [review] Make IsCallerChrome() secure and let scripts override openDialog() This appears to do the right thing. r=mstoltz.
Attachment #83982 -
Flags: review+
|
|
Assignee | |
Comment 20•22 years ago
|
||
Fix checked in on the trunk.
Whiteboard: [HAVE FIX][ADT RTM] → [FIXED ON TRUNK][ADT RTM]
|
||
Comment 21•22 years ago
|
||
Comment on attachment 83982 [details] [diff] [review] Make IsCallerChrome() secure and let scripts override openDialog() a=chofmann,shaver,brendan
Attachment #83982 -
Flags: approval+
|
|
Assignee | |
Comment 23•22 years ago
|
||
Fixed on branch.
|
||
Comment 24•22 years ago
|
||
verified1.0.0 on 05-22-18-1.0.0 & also Verified on trunk on 05-23-08-trunk.
Status: RESOLVED → VERIFIED
Keywords: verified1.0.0
Whiteboard: [FIXED ON TRUNK][ADT RTM] → [FIXED ON TRUNK][ADT RTM],custrtm-
You need to log in
before you can comment on or make changes to this bug.
Description
•