Closed
Bug 25117
Opened 25 years ago
Closed 24 years ago
Security checks on window
Categories
(Core :: DOM: Core & HTML, defect, P3)
Tracking
()
VERIFIED
FIXED
M16
People
(Reporter: norrisboyd, Assigned: joki)
Details
(Whiteboard: [nsbeta2+] fix in hand)
The various security checks from 4.x that prevent windows from being made too small or from being moved offscreen should be reimplemented for 5.x. The window properties that are subject to checks can be seen at http://warp.mcom.com/hardcore/prj-seca/javascript/js.html. Specifically, resizeBy, resizeTo, screenX, screenY, setHotkeys, and setZOptions should have security checks.
Assignee | ||
Comment 2•24 years ago
|
||
I'm nominating this a necessary for nsbeta2, protection againt spoofing attacks primarily, though privacy too to a slighly smaller extent.
Status: NEW → ASSIGNED
Keywords: nsbeta2
Assignee | ||
Updated•24 years ago
|
Whiteboard: [nsbeta2+] → [nsbeta2+] fix in hand, waiting for review
Assignee | ||
Comment 4•24 years ago
|
||
fix in hand, reviewed by danm, will checkin today.
Whiteboard: [nsbeta2+] fix in hand, waiting for review → [nsbeta2+] fix in hand
Assignee | ||
Comment 5•24 years ago
|
||
okay i've fixed window.open, resizeBy/To, moveBy/To, innerWidth/Height, outerWidth/Height. Oh yeah, and setting chrome to noTitlebar and z-ordering options. I think we're covered.
Status: ASSIGNED → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
Comment hidden (collapsed) |
You need to log in
before you can comment on or make changes to this bug.
Description
•