Security checks on window

VERIFIED FIXED in M16

Status

()

Core
DOM: Core & HTML
P3
normal
VERIFIED FIXED
19 years ago
18 years ago

People

(Reporter: Norris Boyd, Assigned: joki (gone))

Tracking

Trunk
All
Other
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [nsbeta2+] fix in hand)

(Reporter)

Description

19 years ago
The various security checks from 4.x that prevent windows from being made too
small or from being moved offscreen should be reimplemented for 5.x. The window
properties that are subject to checks can be seen at
http://warp.mcom.com/hardcore/prj-seca/javascript/js.html. Specifically,
resizeBy, resizeTo, screenX, screenY, setHotkeys, and setZOptions should have
security checks.
(Assignee)

Comment 1

19 years ago
Setting milestone
Target Milestone: M16
(Assignee)

Comment 2

18 years ago
I'm nominating this a necessary for nsbeta2, protection againt spoofing attacks 
primarily, though privacy too to a slighly smaller extent.
Status: NEW → ASSIGNED
Keywords: nsbeta2

Comment 3

18 years ago
Putting on [nsbeta2+] radar for beta2 fix. 
Whiteboard: [nsbeta2+]
(Assignee)

Updated

18 years ago
Whiteboard: [nsbeta2+] → [nsbeta2+] fix in hand, waiting for review
(Assignee)

Comment 4

18 years ago
fix in hand, reviewed by danm, will checkin today.
Whiteboard: [nsbeta2+] fix in hand, waiting for review → [nsbeta2+] fix in hand
(Assignee)

Comment 5

18 years ago
okay i've fixed window.open, resizeBy/To, moveBy/To, innerWidth/Height, 
outerWidth/Height.  Oh yeah, and setting chrome to noTitlebar and z-ordering 
options.  I think we're covered.
Status: ASSIGNED → RESOLVED
Last Resolved: 18 years ago
Resolution: --- → FIXED

Comment 6

18 years ago
Verified with 2000-07-05-09.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.