Closed
Bug 281776
Opened 20 years ago
Closed 20 years ago
Disabled JavaScript capabilities raise unexpected exceptions
Categories
(Core :: Security, defect)
RESOLVED
INVALID
People
(Reporter: simo.melenius, Assigned: dveditz)
Details
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20050105 Debian/1.7.5-1
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20050105 Debian/1.7.5-1

If I have JavaScript enabled but individual capabilities disabled (like allowing the setting of status bar text, change images, move windows), scripts fail as common idioms throw exceptions, like in the case of window.status = "foo"; if setting the status text is now allowed.

Background: Sometimes it means that to navigate a JavaScript-laden web page, I have to turn on these capabilities just to make the rest of the javascript working (like JavaScript-triggering buttons or dropdown lists). However, not letting the script change statusbar text or a physical image on the screen doesn't change the semantics of the scripts -- still I have to suffer from giving the web page too much control over my browser.

Proposal: It would be good if there was a preference setting to silently ignore raising these exceptions. More generally, any call or property change that only involves side-effects would seem to work normally to the scripts, even if no physical change takes place. Calling anything that is disabled and that would return a meaningful value would have to behave like before, i.e. raising an exception because the semantics of the scripting environment would change otherwise.

Reproducible: Always

Steps to Reproduce:
Comment 1•20 years ago
The security policy preferences are supposed to throw. Access to something denied via security policies is a security violation that should lead to script termination. Note that we have non-security-policy preferences for things like moving windows, changing status bar text, etc, for precisely these reasons.
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → INVALID
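The two behaviours discussed in this bug, as an added example that is not part of the bug report or of Mozilla's code: a constructed model in which `makeWindow`, `pageScript`, `run` and the mode names are all hypothetical. It shows a denied write to `status` ending the script before a later handler is bound when the denial throws, and the script running to completion when the write is silently dropped.

```javascript
"use strict";
// Constructed model, not Gecko code. makeWindow, pageScript, run and the
// mode names are hypothetical.
//   "security-policy": touching a restricted property throws
//   "preference":      a restricted write is dropped without an error
function makeWindow(restricted, mode) {
  const state = { status: "" };
  const denied = (prop) =>
    mode === "security-policy" && restricted.includes(prop);
  return new Proxy(state, {
    set(target, prop, value) {
      if (denied(prop)) throw new Error(`denied by policy: set ${String(prop)}`);
      if (!restricted.includes(prop)) target[prop] = value;
      return true; // restricted write under "preference": no change, no error
    },
    get(target, prop) {
      if (denied(prop)) throw new Error(`denied by policy: get ${String(prop)}`);
      return target[prop];
    },
  });
}

// The idiom from the report: a cosmetic write, then functional setup.
function pageScript(win) {
  win.status = "foo";               // side effect only
  win.onsubmit = () => "submitted"; // the part the user actually needs
}

function run(mode) {
  const win = makeWindow(["status"], mode);
  let error = null;
  try {
    pageScript(win);
  } catch (e) {
    error = e.message; // an uncaught exception would end the script here
  }
  return { error, handlerBound: typeof win.onsubmit === "function" };
}

console.log(run("security-policy"));
console.log(run("preference"));
```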