Closed Bug 321860 Opened 15 years ago Closed 12 years ago

user_pref("capability.policy.default.HTMLDocument.onmousedown", "noAccess") does not work

Categories

(Core :: Security: CAPS, defect)

1.8 Branch
x86
Windows 2000
defect
Not set
normal

Tracking

()

RESOLVED WONTFIX

People

(Reporter: s.a.moeller, Assigned: dveditz)

References

(Blocks 1 open bug)

Details

Attachments

(1 file)

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8) Gecko/20051219 SeaMonkey/1.0b
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8) Gecko/20051219 SeaMonkey/1.0b

Setting
  user_pref("capability.policy.default.HTMLDocument.onmousedown", "noAccess");
does not prevent
  document.onmousedown = somefunction();
to be executed.

I expected it to work as well as
  user_pref("capability.policy.default.Window.onmousedown", "noAccess");
does prevent
  window.onmousedown = somefunction();


Reproducible: Always

Steps to Reproduce:
1. Set
user_pref("capability.policy.default.HTMLDocument.onmousedown", "noAccess"); and
user_pref("capability.policy.default.Window.onmousedown", "noAccess");

2. Open the attached test case and right click onto the content area.
Actual Results:  
Alert box opens. Context menu is suppressed.

Expected Results:  
No Alert, but context menu instead.
Attached file testcase
==> caps
Assignee: general → dveditz
Component: General → Security: CAPS
Product: Mozilla Application Suite → Core
QA Contact: general
Version: unspecified → 1.8 Branch
Blocks: 326543
Duplicate of this bug: 459339
This isn't a property managed by xpconnect, so not surprising.  But in general, the capability.policy stuff is going away, so we don't plan to fix this.
Status: UNCONFIRMED → RESOLVED
Closed: 12 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.