Closed Bug 279417 Opened 21 years ago Closed 21 years ago

Extension JS exposed/executed in page context

Categories

(SeaMonkey :: UI Design, defect)

x86
Windows 2000
defect
Not set
major

Tracking

(Not tracked)

RESOLVED INVALID

People

(Reporter: dracos, Assigned: jag+mozilla)

References

()

Details

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.5) Gecko/20041217
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.5) Gecko/20041217

Testing this bug requires the Tabbed Browser Extensions (http://extensionroom.mozdev.org/more-info/tbe) to be installed.

The URL listed for this bug explains some details:

"These links have various values for their href attributes. Double clicking the text portion of each triggers the expected behavior. However, double clicking the images of the first four (all having 'javascript:' hrefs) behaves unexpectedly if Tabbed Browser Extensions is installed. The first places code from TBE in the location bar; links 2 through 4 merely display this code as the status bar message."

Also, if an ondblclick="someFunc();" event handler is assigned to the href="javascript:return false;" link,

    function someFunc(){
      try{ 1 + 1; }
      catch(err){ alert(err) }
    }

does not perform the alert(), but does produce the following in the JS console:

    Error: invalid return
    Source File: javascript:void(window.__tabextensions__LastEvent = (new Date()).getTime());return false;
    Line: 1, Column: 65
    Source Code:
    void(window.__tabextensions__LastEvent = (new Date()).getTime());return false;

Reproducible: Always

Steps to Reproduce:
1. Install Tabbed Browser Extensions
2. Click / dblclick on links (especially the images) in provided url

Actual Results:
Javascript from TBE is displayed in status bar or executed. This possibly prevents links from behaving as intended.

Expected Results:
Chrome JS code should not be accessible from the context of a remote document.

I get this behavior on both Windows 2000 SP4 Mozilla 1.7.5 and Gentoo Linux (kernel 2.6.10) latest x.org Gnome 2.8.1 Mozilla 1.7.5
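Added example (not from the bug report and not TBE's code): a Node.js triage of the href quoted in the comment above. It separates the authored javascript: body from the prefix seen in the console error, then compiles each part without running it as a top-level script, which is how a javascript: URL body is evaluated. The function names are hypothetical; the two href strings are copied from the comment.

```javascript
const vm = require("node:vm");

// href as written in the page, and the source the JS console reported.
const AUTHORED = "javascript:return false;";
const OBSERVED = "javascript:void(window.__tabextensions__LastEvent = " +
  "(new Date()).getTime());return false;";

// Compile only, never execute. A javascript: URL body is a top-level
// script, so a bare `return` is a syntax error there.
function parsesAsScript(body) {
  try {
    new vm.Script(body);
    return true;
  } catch (e) {
    if (e && e.name === "SyntaxError") return false;
    throw e;
  }
}

// Hypothetical helper: report whether the observed href differs from the
// authored one, what was put in front of it, and which parts compile.
function triageHref(authoredHref, observedHref) {
  const scheme = "javascript:";
  if (!authoredHref.startsWith(scheme) || !observedHref.startsWith(scheme)) {
    throw new TypeError("both hrefs must use the javascript: scheme");
  }
  const authored = authoredHref.slice(scheme.length);
  const observed = observedHref.slice(scheme.length);
  const rewritten = observed !== authored;
  const injected = rewritten && observed.endsWith(authored)
    ? observed.slice(0, observed.length - authored.length)
    : "";
  return {
    rewritten,
    injected,
    injectedParses: injected === "" ? null : parsesAsScript(injected),
    authoredParses: parsesAsScript(authored),
    observedParses: parsesAsScript(observed),
  };
}

console.log(triageHref(AUTHORED, OBSERVED));
```

For these inputs the injected prefix compiles on its own and the authored `return false;` does not, because `return` is only valid inside a function. The prefix is 65 characters long, the same number the console error gives as the column.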
Please report TBE problems to its author. See its home page http://piro.sakura.ne.jp/xul/tabextensions/index.html.en for links
Group: security
Status: UNCONFIRMED → RESOLVED
Closed: 21 years ago
Resolution: --- → INVALID