Closed
Bug 304882
Opened 19 years ago
Closed 19 years ago
bookmarklet fails (accessing location.href after document.write())
Categories
(Firefox :: General, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: Peter6, Assigned: mrbkap)
References
()
Details
(Keywords: fixed1.8, regression)
Attachments
(2 files, 2 obsolete files)
|
753 bytes,
text/plain
|
Details | |
|
21.20 KB,
patch
|
jst
:
review+
jst
:
superreview+
cbeard
:
approval1.8b4+
|
Details | Diff | Splinter Review |
Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8b4) Gecko/20050816
Firefox/1.0+ ID:2005081613
1. create bookmarklet (attachment follows)
2. open this bug and press the bookmarklet
expected: the textarea should be filled with text
result JSC error:
Error: uncaught exception: [Exception... "Component returned failure code:
0x80004003 (NS_ERROR_INVALID_POINTER) [nsIDOMLocation.href]" nsresult:
"0x80004003 (NS_ERROR_INVALID_POINTER)" location: "JS frame ::
javascript:(function() { var title = document.title; function
htmlEscape(s){return s;}; var
OS=document.getElementById(%22op_sys%22).value.substring(0,3) ;var
PR=document.getElementById(%22product%22).value ;var
comp=document.getElementById(%22component%22).value;if(comp==%22XSLT%22||comp==%22MathML%22||comp==%22XForms%22||comp==%22SVG%22||comp==%22Layout:
Canvas%22||comp==%22Editor%22||comp==%22Build Config%22)
PR=PR+%22:%22+comp;;document.write(%22<form name=f><textarea name=ta cols=120
rows=5></textarea></form>%22); document.close(); document.f.ta.value =
%22[*][url=%22 + location.href + %22]#%22 + /\d+/(title)[0] + %22 [/url][%22 +
PR +%22]-%22+htmlEscape(/-.*/(title)[0].slice(2)) +%22 [%22+OS +%22]%22+ %22%22;
document.f.ta.select(); })() :: anonymous :: line 1" data: no]
regressionwindow:
http://tinderbox.mozilla.org/bonsai/cvsquery.cgi?treeid=default&module=AviarySuiteBranchTinderbox&branch=MOZILLA_1_8_BRANCH&branchtype=match&filetype=match&whotype=match&sortby=Date&hours=2&date=explicit&mindate=2005-08-16+11%3A47%3A00&maxdate=2005-08-16+13%3A29%3A00&cvsroot=%2Fcvsroot
|
Reporter | |
Comment 1•19 years ago
|
||
|
||
Updated•19 years ago
|
Flags: blocking1.8b4?
|
||
Comment 4•19 years ago
|
||
A simpler bookmarklet that fails now on the branch but didn't fail with this morning's branch nightly: javascript:document.write(); alert(location.href);
|
||
Updated•19 years ago
|
Blocks: splitwindows
|
||
Updated•19 years ago
|
Flags: blocking1.8b4? → blocking1.8b4+
|
Assignee | |
Updated•19 years ago
|
Flags: blocking1.8b4+ → blocking1.8b4?
|
|
Assignee | |
Comment 5•19 years ago
|
||
This is fallout from my checkin to the branch earlier today (bug 303267). This patch switches us to actually doing security checks for accesses to the location object instead of doing the null-out-docshell dance. This patch conflicts with my patch for bug 304764, so I'll attach a new one when I can extract the relevant changes.
Assignee: jst → mrbkap
Status: NEW → ASSIGNED
|
|
Assignee | |
Comment 6•19 years ago
|
||
Comment on attachment 192881 [details] [diff] [review] the patch + extra changes + // object. Parent it to the inner window so that access checks do the Right Note to self: Parent it to the *outer* window
|
|
Assignee | |
Comment 7•19 years ago
|
||
This patch should apply directly on top of the patch for bug 304764 (i.e., apply that one first, then apply this one).
Attachment #192881 -
Attachment is obsolete: true
Attachment #192902 -
Flags: review?(jst)
|
||
Updated•19 years ago
|
Flags: blocking1.8b4? → blocking1.8b4+
|
|
||
Updated•19 years ago
|
Summary: bookmarklet fails → bookmarklet fails (accessing location.href after document.write())
|
||
Comment 8•19 years ago
|
||
Comment on attachment 192902 [details] [diff] [review] real patch Looks good. Make the changes we talked about (nulling out the docshell in the window state holders' dtor and asserting in PreCreate() if we don't have a docshell) and I'll r=...
Attachment #192902 -
Flags: review?(jst)
|
|
Assignee | |
Comment 9•19 years ago
|
||
This has the extra listener manager changes in it, but I promise those aren't part of this bug :-).
Attachment #192902 -
Attachment is obsolete: true
Attachment #193008 -
Flags: review?(jst)
|
|
||
Comment 10•19 years ago
|
||
Comment on attachment 193008 [details] [diff] [review] null out the docshell when the docshell goes away r=jst
Attachment #193008 -
Flags: review?(jst) → review+
|
|
||
Comment 11•19 years ago
|
||
Comment on attachment 193008 [details] [diff] [review] null out the docshell when the docshell goes away ... and sr=jst too!
Attachment #193008 -
Flags: superreview+
|
|
Assignee | |
Comment 13•19 years ago
|
||
Checked into trunk.
Status: ASSIGNED → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
|
|
Assignee | |
Comment 14•19 years ago
|
||
Comment on attachment 193008 [details] [diff] [review] null out the docshell when the docshell goes away This fixes window.location to work closer to the way it did before the splitwinodw landing.
Attachment #193008 -
Flags: approval1.8b4?
|
|
||
Updated•19 years ago
|
Attachment #193008 -
Flags: approval1.8b4? → approval1.8b4+
|
|
Assignee | |
Comment 15•19 years ago
|
||
I had to back this out because it was turning Txul tests orange.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
|
|
Assignee | |
Updated•19 years ago
|
Status: REOPENED → ASSIGNED
|
|
Assignee | |
Comment 16•19 years ago
|
||
Fix checked into the trunk, though the tree went red before any of the tinderboxen that went orange the last time had a chance to go green. I'm marking this FIXED, optimistically. I'll check in on the branch tomorrow.
Status: ASSIGNED → RESOLVED
Closed: 19 years ago → 19 years ago
Resolution: --- → FIXED
Whiteboard: [needs branch checkin]
|
|
Assignee | |
Comment 17•19 years ago
|
||
And checked into MOZILLA_1_8_BRANCH. Hopefully it'll have more luck there!
Keywords: fixed1.8
Whiteboard: [needs branch checkin]
You need to log in
before you can comment on or make changes to this bug.
Description
•