Closed
Bug 294406
Opened 20 years ago
Closed 20 years ago
chrome XHTML documents do not get chrome privileges
Categories
(Core :: DOM: Core & HTML, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 221490
People
(Reporter: u81239, Unassigned)
Details
(Keywords: testcase)
Attachments
(1 file)
439 bytes,
application/xhtml+xml
|
Details |
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b2) Gecko/20050514 Firefox/1.0+
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b2) Gecko/20050514 Firefox/1.0+
I made an XHTML document which loads another site in an iframe and then queries
the content of that iframe, such as:
document.getElementById('iframe').contentDocument.URL.
However, normally the script doesn’t have enough privileges to be able to do
that. An "Error: uncaught exception: Permission denied to get property
HTMLDocument.URL" error appears in the JavaScript console. So far so good, this
is expected.
So, I create a basic extension setup, and access the file through chrome://.
Problem: the error still appears!
When I rename the file to .html, everything works allright. The only conclusion
I can make here is that XHTML files loaded through the chrome don’t get the
additional privileges XUL and HTML files get.
Reproducible: Always
Steps to Reproduce:
Updated•20 years ago
|
Attachment #183779 -
Attachment mime type: text/html → application/xhtml+xml
Comment 2•20 years ago
|
||
I don't get even your first prompt (which shouldn't require privs) to work when
this is .xhtml in chrome, nor does injecting "javascript:alert('foo');" do
anything. There may be something more fundamental here than a CAPS issue (caps
does not check extensions when assigning privileges).
Is there no "chrome" component? Neither DOM nor Layout seem the right component,
but they're the closest.
Assignee: dveditz → general
Component: Security → DOM
QA Contact: toolkit → ian
Summary: XHTML documents in chrome do not get chrome privileges → chrome XHTML documents do not get chrome privileges
Comment 3•20 years ago
|
||
Caps doesn't check extensions, but chrome does. See
http://lxr.mozilla.org/seamonkey/source/rdf/chrome/src/nsChromeProtocolHandler.cpp#713
-- it only gives the system principal to chrome:// channels which are pointing
to .xml, .xul, and .html files.
This is a long-standing issue; I'm sure we have other bugs on it.
Whiteboard: DUPEME
Comment 4•20 years ago
|
||
*** This bug has been marked as a duplicate of 221490 ***
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
Whiteboard: DUPEME
Updated•6 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•