Setting document.domain causes innerHTML to fail

RESOLVED DUPLICATE of bug 159348

Status

()

Product:
Core
Component:
Security
Importance:
--
major
Status:
RESOLVED DUPLICATE of bug 159348
Reported:
17 years ago
Modified:
17 years ago

People

(Reporter: douglas, Assigned: security-bugs)

Tracking

Version:
Trunk
Platform:
x86
Windows 2000
Points:
---

Firefox Tracking Flags

(Not tracked)

Details
(Reporter)

Description

17 years ago 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.1b) Gecko/20020721
BuildID:    2002072104

The is supposed to be possible to set document.domain in order to relax the Same
Site rule. In 1.1beta, it causes valid updates to the DOM to fail, probably
because of the misapplication of security rules. The problem did not exist on
1.1alpha or any other browser.

Reproducible: Always
Steps to Reproduce:
<html><head><title>Mozilla 1.1beta test</title></head><body>
<div id=dev>The setting of innerHTML fails!</div>
<script>
document.domain = "mozilla.org";
deev = document.getElementById('dev');
deev.innerHTML = "It works correctly.";
</script></body></html>

Actual Results:  The setting of innerHTML will fail, leaving an error message on
the screen.

Expected Results:  The setting of innerHTML replaces the error message with a
success message.

The statement the STRING in  document.domain = STRING;  should be replaced with
your hostname if your hostname is not mozilla.org.

Comment 1

17 years ago 
OK.  Just tested.  This is broken in 1.1beta, fixed in current tip.  So it's a
dup of that document.domain breakage we had at beta time...
Severity: blocker → major

Comment 2

17 years ago 

*** This bug has been marked as a duplicate of 159348 ***
Status: UNCONFIRMED → RESOLVED
Last Resolved: 17 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.