Closed Bug 294406 Opened 19 years ago Closed 19 years ago

chrome XHTML documents do not get chrome privileges

Categories

(Core :: DOM: Core & HTML, defect)

x86
Windows XP
defect
Not set
normal

Tracking

()

RESOLVED DUPLICATE of bug 221490

People

(Reporter: u81239, Unassigned)

Details

(Keywords: testcase)

Attachments

(1 file)

439 bytes, application/xhtml+xml
Details
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b2) Gecko/20050514 Firefox/1.0+
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b2) Gecko/20050514 Firefox/1.0+

I made an XHTML document which loads another site in an iframe and then queries
the content of that iframe, such as:
document.getElementById('iframe').contentDocument.URL.

However, normally the script doesn’t have enough privileges to be able to do
that. An "Error: uncaught exception: Permission denied to get property
HTMLDocument.URL" error appears in the JavaScript console. So far so good, this
is expected.

So, I create a basic extension setup, and access the file through chrome://.
Problem: the error still appears!

When I rename the file to .html, everything works allright. The only conclusion
I can make here is that XHTML files loaded through the chrome don’t get the
additional privileges XUL and HTML files get.

Reproducible: Always

Steps to Reproduce:
Attached file Testcase
Here’s a testcase. Please load from chrome://.
Keywords: testcase
Attachment #183779 - Attachment mime type: text/html → application/xhtml+xml
I don't get even your first prompt (which shouldn't require privs) to work when
this is .xhtml in chrome, nor does injecting "javascript:alert('foo');" do
anything. There may be something more fundamental here than a CAPS issue (caps
does not check extensions when assigning privileges).

Is there no "chrome" component? Neither DOM nor Layout seem the right component,
but they're the closest.
Assignee: dveditz → general
Component: Security → DOM
QA Contact: toolkit → ian
Summary: XHTML documents in chrome do not get chrome privileges → chrome XHTML documents do not get chrome privileges
Caps doesn't check extensions, but chrome does.  See
http://lxr.mozilla.org/seamonkey/source/rdf/chrome/src/nsChromeProtocolHandler.cpp#713
-- it only gives the system principal to chrome:// channels which are pointing
to .xml, .xul, and .html files.

This is a long-standing issue; I'm sure we have other bugs on it.
Whiteboard: DUPEME

*** This bug has been marked as a duplicate of 221490 ***
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → DUPLICATE
Whiteboard: DUPEME
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: