Closed
Bug 180747
Opened 22 years ago
Closed 13 years ago
Untrusted content shouldn't be able to resize to smaller that 10/100 pixels, or larger that screen. Is this always so?
Categories
(Core :: XUL, defect)
Core
XUL
Tracking
()
RESOLVED
WORKSFORME
mozilla1.4beta
People
(Reporter: bsharma, Assigned: jrgmorrison)
References
(Depends on 2 open bugs, )
Details
(Whiteboard: [sg:investigation])
This bug is reported as the issue in the module review and jrgm asked me to make
a bug out of it.
jrgm will provide the test case.
the current minimums are ~100px, but they aren't content dimensions, they're
total window size. i think that's a dom0 thing so we probably can't change the
meaning of the params.
I think I don't understand. What's "smaller that 10/100"?
Untrusted script at this time is not allowed to size a window smaller than 100
pixels in either dimension. But there is no upper limit.
Assignee | ||
Comment 3•22 years ago
|
||
timeless: this a routine task for me to perform. It's not a freaking
mystery that requires that you disturb other people.
Comment 4•22 years ago
|
||
There is an upper limit somewhere, no matter what size I pick my windows max out
at full screen. Actually the height value (on windows anyway) doesn't seem to
take the title bar into account so it ends up slightly taller than the window.
and I don't think it take the height of the task bar into account either so in
the non-autohide case you hide that much more.
You can't position it off the screen either, although again on windows it can go
further off the bottom a little (unlike the top or sides) by the height of the
titlebar plus get partially covered by the window task bar. With a minimum
height of 100 this still leaves plenty on the screen to grab.
Updated•22 years ago
|
Whiteboard: [sg:investigation]
Comment 5•22 years ago
|
||
John says XUL uses the same checks on window size as HTML, for size and
positionong.
We should check moveTo, resizeTo, setting window properties like innerWidth
directly, and parameters to window.open. XUL and HTML should behave the same in
all of these cases.
Target Milestone: --- → mozilla1.4beta
Updated•19 years ago
|
Updated•19 years ago
|
OS: Windows 2000 → All
Hardware: PC → All
Component: XP Toolkit/Widgets: XUL → XUL
QA Contact: shrir → xptoolkit.widgets
Updated•13 years ago
|
Group: core-security
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•