Closed Bug 294406 Opened 20 years ago Closed 20 years ago

chrome XHTML documents do not get chrome privileges

Categories

(Core :: DOM: Core & HTML, defect)

x86
Windows XP
defect
Not set
normal

Tracking

()

RESOLVED DUPLICATE of bug 221490

People

(Reporter: u81239, Unassigned)

Details

(Keywords: testcase)

Attachments

(1 file)

439 bytes, application/xhtml+xml
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b2) Gecko/20050514 Firefox/1.0+ Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b2) Gecko/20050514 Firefox/1.0+ I made an XHTML document which loads another site in an iframe and then queries the content of that iframe, such as: document.getElementById('iframe').contentDocument.URL. However, normally the script doesn’t have enough privileges to be able to do that. An "Error: uncaught exception: Permission denied to get property HTMLDocument.URL" error appears in the JavaScript console. So far so good, this is expected. So, I create a basic extension setup, and access the file through chrome://. Problem: the error still appears! When I rename the file to .html, everything works allright. The only conclusion I can make here is that XHTML files loaded through the chrome don’t get the additional privileges XUL and HTML files get. Reproducible: Always Steps to Reproduce:
Attached file Testcase
Here’s a testcase. Please load from chrome://.
Keywords: testcase
Attachment #183779 - Attachment mime type: text/html → application/xhtml+xml
I don't get even your first prompt (which shouldn't require privs) to work when this is .xhtml in chrome, nor does injecting "javascript:alert('foo');" do anything. There may be something more fundamental here than a CAPS issue (caps does not check extensions when assigning privileges). Is there no "chrome" component? Neither DOM nor Layout seem the right component, but they're the closest.
Assignee: dveditz → general
Component: Security → DOM
QA Contact: toolkit → ian
Summary: XHTML documents in chrome do not get chrome privileges → chrome XHTML documents do not get chrome privileges
Caps doesn't check extensions, but chrome does. See http://lxr.mozilla.org/seamonkey/source/rdf/chrome/src/nsChromeProtocolHandler.cpp#713 -- it only gives the system principal to chrome:// channels which are pointing to .xml, .xul, and .html files. This is a long-standing issue; I'm sure we have other bugs on it.
Whiteboard: DUPEME
*** This bug has been marked as a duplicate of 221490 ***
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
Whiteboard: DUPEME
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: