Open
Bug 1508687
Opened 6 years ago
Updated 2 years ago
WebExtension about:blank DOM access denied as cross-origin
Categories
(WebExtensions :: General, defect, P3)
Tracking
(Not tracked)
NEW
People
(Reporter: lcz970, Assigned: robwu)
References
Details
(Keywords: parity-chrome)
User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:51.0) Gecko/20160105164030 Firefox/63.0
Steps to reproduce:
let newWin = window.open('about:blank');
newWin.onload = function () {
  // do something in new blank page
};
Actual results:
DOMException: "Permission denied to access property "onload" on cross-origin object"
Expected results:
No error should occur.
This does not happen in scripts loaded by a normal page.
A Chrome extension behaves normally, as in normal page scripts.
Updated•6 years ago
Component: Untriaged → General
Keywords: parity-chrome
Product: Firefox → WebExtensions
See Also: → 1486036
Just to clarify, this bug is not the same as the "see also" one.
This one is "DOM access to about:blank is blocked", that one is "not injecting content scripts into about:blank".
Assignee
Comment 3•6 years ago
I can reproduce this. This is not a regression; I tested on Firefox 56, 57, 62, 63 and 65 - all are affected.
STR:
1. Save the code snippet from comment 0 as contentscript.js.
2. Save the following as manifest.json:
{
  "name": "window.open()",
  "version": "1",
  "manifest_version": 2,
  "content_scripts": [{
    "js": ["contentscript.js"],
    "matches": ["*://example.com/*"]
  }]
}
3. Visit about:config and set dom.disable_open_during_load to false
4. Visit https://example.com/
5. Open the global JS console (Ctrl-Shift-J) and look at the output.
Expected: No error.
Actual: SecurityError: Permission denied to access property "onload" on cross-origin object
The newly created window has a null principal instead of the page's principal.
The implementation of window.open() uses the principal of the JS context at [1], so it ends up using the ExpandedPrincipal (from the content script that is executing, consisting of a moz-extension:-origin and the page's origin) instead of the ContentPrincipal (of the page). When an expanded principal is present, a null principal is used [3] by nsDocShell::LoadURI [4].
This bug can be fixed by using ExpandedPrincipal::PrincipalToInherit to extract the page's ContentPrincipal, instead of unconditionally using the null principal at [3].
I'm taking this bug to keep it on my list, but feel free to steal it if you want to work on a fix.
[1] https://searchfox.org/mozilla-central/rev/0859e6b10fb901875c80de8f8fc33cbb77b2505e/toolkit/components/windowwatcher/nsWindowWatcher.cpp#1039
[2] https://searchfox.org/mozilla-central/rev/0859e6b10fb901875c80de8f8fc33cbb77b2505e/toolkit/components/windowwatcher/nsWindowWatcher.cpp#1128
[3] https://searchfox.org/mozilla-central/rev/0859e6b10fb901875c80de8f8fc33cbb77b2505e/docshell/base/nsDocShellLoadState.cpp#437,445-456
[4] https://searchfox.org/mozilla-central/rev/0859e6b10fb901875c80de8f8fc33cbb77b2505e/docshell/base/nsDocShell.cpp#746
Assignee: nobody → rob
Status: UNCONFIRMED → NEW
Ever confirmed: true
Flags: needinfo?(rob)
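The principal selection described in comment 3, as an added example that is not part of the bug report and is not Gecko code: a simplified JavaScript model showing why a null principal on the new window produces the cross-origin error, and why inheriting the page's principal would not. The class names, `principalForAboutBlank`, `canAccess`, the `fixed` switch and the extension origin are assumptions made for illustration.

```javascript
// Simplified model of the principal selection described in comment 3.
// All class and function names are hypothetical; this is not Gecko code.
let nextNullId = 0;

class ContentPrincipal {
  constructor(origin) { this.origin = origin; }
  subsumes(other) {
    return other instanceof ContentPrincipal && other.origin === this.origin;
  }
}

// A null principal has a unique opaque origin: it only matches itself.
class NullPrincipal {
  constructor() { this.origin = `null-principal:${nextNullId++}`; }
  subsumes(other) { return other === this; }
}

// A content script runs with an expanded principal covering several origins.
class ExpandedPrincipal {
  constructor(principals) { this.principals = principals; }
  subsumes(other) { return this.principals.some((p) => p.subsumes(other)); }
  // Modelled on the fix proposed in comment 3: extract the page's principal.
  principalToInherit(pagePrincipal) {
    return this.principals.find((p) => p.subsumes(pagePrincipal)) ?? new NullPrincipal();
  }
}

// Principal given to the about:blank document opened by `caller`.
function principalForAboutBlank(caller, pagePrincipal, fixed) {
  if (!(caller instanceof ExpandedPrincipal)) return caller; // page script inherits
  return fixed
    ? caller.principalToInherit(pagePrincipal) // behaviour proposed in comment 3
    : new NullPrincipal(); // behaviour reported in this bug
}

// DOM access such as setting newWin.onload needs the caller to subsume the target.
function canAccess(caller, target) { return caller.subsumes(target); }

function demo() {
  const page = new ContentPrincipal("https://example.com");
  const ext = new ContentPrincipal("moz-extension://constructed-uuid"); // constructed value
  const script = new ExpandedPrincipal([ext, page]);
  return {
    pageScript: canAccess(page, principalForAboutBlank(page, page, false)),
    contentScriptReported: canAccess(script, principalForAboutBlank(script, page, false)),
    contentScriptProposed: canAccess(script, principalForAboutBlank(script, page, true)),
  };
}
console.log(demo());
```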
Updated•6 years ago
Priority: -- → P3
Updated•2 years ago
Severity: normal → S3