Security error accessing DOM elements inside an IFrame

VERIFIED FIXED

Status

()

Core
Security
P3
normal
VERIFIED FIXED
18 years ago
18 years ago

People

(Reporter: rginda, Assigned: Norris Boyd)

Tracking

Trunk
x86
Linux
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(3 attachments)

(Reporter)

Description

18 years ago
Basic idea:
1. Define an iframe in xul
2. document.write() content into the iframe
3. Retrieve a reference to a DOM element inside the iframe.
3a. NS_ERROR_DOM_SECURITY_ERR is thrown.

Test Case:
1. Place the three attached files in the path resource:/// points to
2. load rg-tests-index.html
3. Click 'dom security'
3a. Error will be generated.
(Reporter)

Comment 1

18 years ago
Created attachment 2281 [details]
file 1/3 of test case
(Reporter)

Comment 2

18 years ago
Created attachment 2282 [details]
file 2/3 of test case
(Reporter)

Comment 3

18 years ago
Created attachment 2283 [details]
file 3/3 of test case
(Assignee)

Updated

18 years ago
Blocks: 12633
(Assignee)

Comment 4

18 years ago
I've reproduced the problem.

Security is objecting to getting "getElementById" from about:blank from a script
running from file: (the resource: is converted to file:).

I think the problem is that writing to the document should change its origin
from about:blank to the origin of the script performing the write. I'll
investigate more.
(Assignee)

Updated

18 years ago
Status: NEW → ASSIGNED
(Assignee)

Updated

18 years ago
Status: ASSIGNED → RESOLVED
Last Resolved: 18 years ago
Resolution: --- → FIXED
(Assignee)

Comment 5

18 years ago
Checking in nsHTMLDocument.cpp;
/m/pub/mozilla/layout/html/document/src/nsHTMLDocument.cpp,v  <--  nsHTMLDocumen
t.cpp
new revision: 3.162; previous revision: 3.161
done

This fixes Bugzilla bug 16836 where a XUL document creates a new window and
tries to document.write to it. It was getting
  a security error because the call to GetSourceDocumentURL failed, causing the
new window's document's URI to be set to
  about:blank, which failed an origin check relative to the origin of the
script. The call to GetSourceDocumentURL failed
  because the document was a XUL document rather than an HTML document. The
proposed change uses the more general
  nsIDocument interface to get the uri (and avoids creating a new object for the
uri).

Comment 6

18 years ago
Bulk moving all Browser Security bugs to new Security: General component.  The 
previous Security component for Browser will be deleted.
Component: Security → Security: General

Comment 7

18 years ago
Verified.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.