Setting document.domain causes innerHTML to fail

RESOLVED DUPLICATE of bug 159348

Status

()

Core
Security
--
major
RESOLVED DUPLICATE of bug 159348
16 years ago
16 years ago

People

(Reporter: Douglas Crockford, Assigned: Mitchell Stoltz (not reading bugmail))

Tracking

Trunk
x86
Windows 2000
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

16 years ago
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.1b) Gecko/20020721
BuildID:    2002072104

The is supposed to be possible to set document.domain in order to relax the Same
Site rule. In 1.1beta, it causes valid updates to the DOM to fail, probably
because of the misapplication of security rules. The problem did not exist on
1.1alpha or any other browser.

Reproducible: Always
Steps to Reproduce:
<html><head><title>Mozilla 1.1beta test</title></head><body>
<div id=dev>The setting of innerHTML fails!</div>
<script>
document.domain = "mozilla.org";
deev = document.getElementById('dev');
deev.innerHTML = "It works correctly.";
</script></body></html>

Actual Results:  The setting of innerHTML will fail, leaving an error message on
the screen.

Expected Results:  The setting of innerHTML replaces the error message with a
success message.

The statement the STRING in  document.domain = STRING;  should be replaced with
your hostname if your hostname is not mozilla.org.
OK.  Just tested.  This is broken in 1.1beta, fixed in current tip.  So it's a
dup of that document.domain breakage we had at beta time...
Severity: blocker → major

*** This bug has been marked as a duplicate of 159348 ***
Status: UNCONFIRMED → RESOLVED
Last Resolved: 16 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.