Closed Bug 25117 Opened 25 years ago Closed 24 years ago

Security checks on window

Categories

(Core :: DOM: Core & HTML, defect, P3)

Product:
Core
Component:
DOM: Core & HTML
Platform:
All
Other
Type:
defect

Tracking

()

Status:
VERIFIED FIXED

People

(Reporter: norrisboyd, Assigned: joki)

Details

(Whiteboard: [nsbeta2+] fix in hand) 

The various security checks from 4.x that prevent windows from being made too
small or from being moved offscreen should be reimplemented for 5.x. The window
properties that are subject to checks can be seen at
http://warp.mcom.com/hardcore/prj-seca/javascript/js.html. Specifically,
resizeBy, resizeTo, screenX, screenY, setHotkeys, and setZOptions should have
security checks.
Setting milestone
Target Milestone: M16
I'm nominating this a necessary for nsbeta2, protection againt spoofing attacks 
primarily, though privacy too to a slighly smaller extent.
Status: NEW → ASSIGNED
Keywords: nsbeta2
Putting on [nsbeta2+] radar for beta2 fix.
Whiteboard: [nsbeta2+]
Whiteboard: [nsbeta2+] → [nsbeta2+] fix in hand, waiting for review
fix in hand, reviewed by danm, will checkin today.
Whiteboard: [nsbeta2+] fix in hand, waiting for review → [nsbeta2+] fix in hand
okay i've fixed window.open, resizeBy/To, moveBy/To, innerWidth/Height, 
outerWidth/Height.  Oh yeah, and setting chrome to noTitlebar and z-ordering 
options.  I think we're covered.
Status: ASSIGNED → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
Verified with 2000-07-05-09.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.