Closed
Bug 313664
Opened 19 years ago
Closed 13 years ago
focusedElement gives untrusted script a reference to the textbox inside a file upload control
Categories
(Core :: DOM: UI Events & Focus Handling, defect, P3)
Tracking
()
RESOLVED
INVALID
People
(Reporter: jruderman, Unassigned)
Details
(Keywords: testcase, Whiteboard: [sg:moderate] stepping stone without a known complement)
Attachments
(1 file)
|
1.07 KB,
application/vnd.mozilla.xul+xml
|
Details |
Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8b5) Gecko/20051023 Firefox/1.5
Might be related: bug 313573, bug 313566.
|
Reporter | |
Comment 1•19 years ago
|
||
To reproduce: click on the textbox in the file upload control.
Result: "Focus is somewhere weird", which I think indicates that the script has a reference to a hidden child of the file upload control.
|
|
Reporter | |
Updated•19 years ago
|
Whiteboard: [sg:moderate] stepping stone without a known complement
|
|
Reporter | |
Updated•17 years ago
|
Flags: blocking1.9?
On trunk this is not a problem at all really, there is nothing dangerous you can do with that textbox. Probably worse on branch if we have focusedElement there?
Would be really good to have this fixed though as we in general try to make it impossible to get to native-anonymous nodes.
Flags: blocking1.9? → blocking1.9+
Priority: -- → P3
|
||
Updated•17 years ago
|
Flags: wanted1.9.0.x+
Flags: tracking1.9+
Flags: blocking1.9-
|
||
Comment 4•15 years ago
|
||
I opened bug 561664 to fix a non-security related part of this.
Is there any reason to keep this as sg:* bug? Or keep this open?
For trunk I can't think of any reason to keep this bug hidden, or indeed open. I don't know if we're still supporting any branches where getting to the textbox is bad. I don't think that is the case.
|
||
Comment 6•13 years ago
|
||
I say we're done here.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → INVALID
|
||
Updated•11 years ago
|
Group: core-security
|
||
Updated•6 years ago
|
Component: Event Handling → User events and focus handling
You need to log in
before you can comment on or make changes to this bug.
Description
•