Closed Bug 161373 Opened 23 years ago Closed 23 years ago

Setting document.domain causes innerHTML to fail

Categories

(Core :: Security, defect)

Product:
Core
Component:
Security
Platform:
x86
Windows 2000
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
RESOLVED DUPLICATE of bug 159348

People

(Reporter: douglas, Assigned: security-bugs)

Details

From Bugzilla Helper: User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.1b) Gecko/20020721 BuildID: 2002072104 The is supposed to be possible to set document.domain in order to relax the Same Site rule. In 1.1beta, it causes valid updates to the DOM to fail, probably because of the misapplication of security rules. The problem did not exist on 1.1alpha or any other browser. Reproducible: Always Steps to Reproduce: <html><head><title>Mozilla 1.1beta test</title></head><body> <div id=dev>The setting of innerHTML fails!</div> <script> document.domain = "mozilla.org"; deev = document.getElementById('dev'); deev.innerHTML = "It works correctly."; </script></body></html> Actual Results: The setting of innerHTML will fail, leaving an error message on the screen. Expected Results: The setting of innerHTML replaces the error message with a success message. The statement the STRING in document.domain = STRING; should be replaced with your hostname if your hostname is not mozilla.org.
OK. Just tested. This is broken in 1.1beta, fixed in current tip. So it's a dup of that document.domain breakage we had at beta time...
Severity: blocker → major
*** This bug has been marked as a duplicate of 159348 ***
Status: UNCONFIRMED → RESOLVED
Closed: 23 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.