Closed
Bug 161373
Opened 22 years ago
Closed 22 years ago
Setting document.domain causes innerHTML to fail
Categories
(Core :: Security, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 159348
People
(Reporter: douglas, Assigned: security-bugs)
Details
From Bugzilla Helper: User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.1b) Gecko/20020721 BuildID: 2002072104 The is supposed to be possible to set document.domain in order to relax the Same Site rule. In 1.1beta, it causes valid updates to the DOM to fail, probably because of the misapplication of security rules. The problem did not exist on 1.1alpha or any other browser. Reproducible: Always Steps to Reproduce: <html><head><title>Mozilla 1.1beta test</title></head><body> <div id=dev>The setting of innerHTML fails!</div> <script> document.domain = "mozilla.org"; deev = document.getElementById('dev'); deev.innerHTML = "It works correctly."; </script></body></html> Actual Results: The setting of innerHTML will fail, leaving an error message on the screen. Expected Results: The setting of innerHTML replaces the error message with a success message. The statement the STRING in document.domain = STRING; should be replaced with your hostname if your hostname is not mozilla.org.
Comment 1•22 years ago
|
||
OK. Just tested. This is broken in 1.1beta, fixed in current tip. So it's a dup of that document.domain breakage we had at beta time...
Updated•22 years ago
|
Severity: blocker → major
*** This bug has been marked as a duplicate of 159348 ***
Status: UNCONFIRMED → RESOLVED
Closed: 22 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•