Closed Bug 180747 Opened 22 years ago Closed 13 years ago

Untrusted content shouldn't be able to resize to smaller that 10/100 pixels, or larger that screen. Is this always so?

Categories

(Core :: XUL, defect)

defect
Not set
normal

Tracking

()

RESOLVED WORKSFORME
mozilla1.4beta

People

(Reporter: bsharma, Assigned: jrgmorrison)

References

(Depends on 2 open bugs, )

Details

(Whiteboard: [sg:investigation])

This bug is reported as the issue in the module review and jrgm asked me to make a bug out of it. jrgm will provide the test case.
the current minimums are ~100px, but they aren't content dimensions, they're total window size. i think that's a dom0 thing so we probably can't change the meaning of the params.
I think I don't understand. What's "smaller that 10/100"? Untrusted script at this time is not allowed to size a window smaller than 100 pixels in either dimension. But there is no upper limit.
timeless: this a routine task for me to perform. It's not a freaking mystery that requires that you disturb other people.
There is an upper limit somewhere, no matter what size I pick my windows max out at full screen. Actually the height value (on windows anyway) doesn't seem to take the title bar into account so it ends up slightly taller than the window. and I don't think it take the height of the task bar into account either so in the non-autohide case you hide that much more. You can't position it off the screen either, although again on windows it can go further off the bottom a little (unlike the top or sides) by the height of the titlebar plus get partially covered by the window task bar. With a minimum height of 100 this still leaves plenty on the screen to grab.
Whiteboard: [sg:investigation]
John says XUL uses the same checks on window size as HTML, for size and positionong. We should check moveTo, resizeTo, setting window properties like innerWidth directly, and parameters to window.open. XUL and HTML should behave the same in all of these cases.
Target Milestone: --- → mozilla1.4beta
Depends on: 104303, 304089
Depends on: 195854
Depends on: 304124
Depends on: 304184
OS: Windows 2000 → All
Hardware: PC → All
Component: XP Toolkit/Widgets: XUL → XUL
QA Contact: shrir → xptoolkit.widgets
Group: core-security
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.