Closed
Bug 161373
Opened 18 years ago
Closed 18 years ago
Setting document.domain causes innerHTML to fail
Categories
(Core :: Security, defect, major)
Tracking
()
RESOLVED
DUPLICATE
of bug 159348
People
(Reporter: douglas, Assigned: security-bugs)
Details
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.1b) Gecko/20020721
BuildID: 2002072104
The is supposed to be possible to set document.domain in order to relax the Same
Site rule. In 1.1beta, it causes valid updates to the DOM to fail, probably
because of the misapplication of security rules. The problem did not exist on
1.1alpha or any other browser.
Reproducible: Always
Steps to Reproduce:
<html><head><title>Mozilla 1.1beta test</title></head><body>
<div id=dev>The setting of innerHTML fails!</div>
<script>
document.domain = "mozilla.org";
deev = document.getElementById('dev');
deev.innerHTML = "It works correctly.";
</script></body></html>
Actual Results: The setting of innerHTML will fail, leaving an error message on
the screen.
Expected Results: The setting of innerHTML replaces the error message with a
success message.
The statement the STRING in document.domain = STRING; should be replaced with
your hostname if your hostname is not mozilla.org.
|
||
Comment 1•18 years ago
|
||
OK. Just tested. This is broken in 1.1beta, fixed in current tip. So it's a dup of that document.domain breakage we had at beta time...
|
||
Updated•18 years ago
|
Severity: blocker → major
*** This bug has been marked as a duplicate of 159348 ***
Status: UNCONFIRMED → RESOLVED
Closed: 18 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•