Closed Bug 298863 Opened 20 years ago Closed 12 years ago

Allow untrusted sites to send warnings to the Javascript console

Categories

(Toolkit Graveyard :: Error Console, enhancement)

Product:
Toolkit Graveyard
Component:
Error Console
Platform:
x86
Windows XP
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED INCOMPLETE

People

(Reporter: skissane, Unassigned)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.7.8) Gecko/20050511 Firefox/1.0.4
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.7.8) Gecko/20050511 Firefox/1.0.4

At present, Javascript code can raise arbitrary warnings in the console, through
code such as this:
        var consoleService = Components.classes['@mozilla.org/consoleservice;1']
                    .getService(Components.interfaces.nsIConsoleService);
        consoleService.logStringMessage(msg);
However, only chrome javascript or signed javascript can get the consoleService
through Components.classes.

It would be nice if there was a function (or functions) which could be called
from untrusted javascript code, so that untrusted javascript code could have
write access to the consoleService.

Reproducible: Always
A workaround is to use a function like this:
  function reportToJSConsole(msg) {
    setTimeout(function(s) {throw s;}, 0, msg);
  }

This is enough for web developers. I don't think we need anything more advanced
here.
Another workaround is to use a third-party logging module:
http://www.alistapart.com/articles/jslogging
Product: Firefox → Toolkit
Simon: Did these workarounds solve what you needed, or do you still need the specific functionality you requested?  If you don't need it implemented anymore, we should close the bug as INCOMPLETE.
Status: UNCONFIRMED → RESOLVED
Closed: 12 years ago
Resolution: --- → INCOMPLETE
Product: Toolkit → Toolkit Graveyard
You need to log in before you can comment on or make changes to this bug.