Last Comment Bug 328932 - Evaluating Components.classes in JS Console throws an exception "Error: uncaught exception: Permission denied to get property UnnamedClass.classes"
: Evaluating Components.classes in JS Console throws an exception "Error: uncau...
Status: RESOLVED FIXED
: fixed-seamonkey1.0.1, fixed-seamonkey1.1a, fixed1.8.0.2, fixed1.8.0.4, fixed1.8.1, regression
Product: Core Graveyard
Classification: Graveyard
Component: Error Console (show other bugs)
: 1.8 Branch
: All All
: -- major (vote)
: mozilla1.8final
Assigned To: :Gavin Sharp [email: gavin@gavinsharp.com]
: John Morrison
Mentors:
Depends on:
Blocks: 327078
  Show dependency treegraph
 
Reported: 2006-02-28 21:58 PST by Andrew Schultz
Modified: 2010-05-04 05:21 PDT (History)
8 users (show)
dveditz: blocking1.8.0.4+
See Also:
QA Whiteboard:
Iteration: ---
Points: ---


Attachments
Proposed patch (SeaMonkey fix, checked in on trunk and 1.8 and 1.8.0 branches) (2.84 KB, patch)
2006-03-01 01:40 PST, neil@parkwaycc.co.uk
bzbarsky: review+
jag-mozilla: superreview+
dveditz: approval1.7.13-
jag-mozilla: approval‑branch‑1.8.1+
dveditz: approval1.8.0.2+
Details | Diff | Splinter Review
toolkit patch (Firefox fix) (3.50 KB, patch)
2006-03-02 16:27 PST, :Gavin Sharp [email: gavin@gavinsharp.com]
mconnor: approval‑branch‑1.8.1+
dveditz: approval1.8.0.2-
dveditz: approval1.8.0.4+
Details | Diff | Splinter Review

Description Andrew Schultz 2006-02-28 21:58:46 PST
Attempting to evaluate "Components.classes" in the JS Console window results in an exception:

Error: uncaught exception: Permission denied to get property UnnamedClass.classes

Backing out the checkin from bug 327078 and bug 328469 unbreaks it.
Comment 1 Boris Zbarsky [:bz] 2006-02-28 22:23:43 PST
So the JS console is setting the "src" of an about:blank iframe (the <iframe> itself is in a chrome document, but has about:blank loaded in it) to a javascript: URI and expects that to run with chrome privileges.  I purposefully disabled that in bug 327078, and I think that the right fix is to fix the JS console to preload a chrome URI in that iframe or to use a sandbox to evaluate the JS or something.

Note that for normal users all of this is a non-issue, imo (so I see no reason to scramble to fix this on branches; if we fix it, we fix it).
Comment 2 neil@parkwaycc.co.uk 2006-03-01 01:40:30 PST
Created attachment 213561 [details] [diff] [review]
Proposed patch (SeaMonkey fix, checked in on trunk and 1.8 and 1.8.0 branches)

I had to shamelessly steal blank.html from nsAboutBlank.cpp
Comment 3 jag (Peter Annema) 2006-03-01 03:02:04 PST
Comment on attachment 213561 [details] [diff] [review]
Proposed patch (SeaMonkey fix, checked in on trunk and 1.8 and 1.8.0 branches)

Index: console/resources/content/blank.html
===================================================================

\ No newline at end of file
Comment 4 Boris Zbarsky [:bz] 2006-03-01 07:46:24 PST
Comment on attachment 213561 [details] [diff] [review]
Proposed patch (SeaMonkey fix, checked in on trunk and 1.8 and 1.8.0 branches)

r=bzbarsky, but doesn't toolkit need a similar fix?  Or is the idea that this patch applies to both xpfe and toolkit?
Comment 5 neil@parkwaycc.co.uk 2006-03-01 09:18:46 PST
(In reply to comment #3)
>(From update of attachment 213561 [details] [diff] [review] [edit])
>Index: console/resources/content/blank.html
>===================================================================
>\ No newline at end of file
I actually saved about:blank, which has no newline...
alternatively I could use data:text/html, instead?

(In reply to comment #4)
>doesn't toolkit need a similar fix?
I'm sure gavin is eager to port the fix :-)
Comment 6 neil@parkwaycc.co.uk 2006-03-02 16:01:41 PST
xpfe patch checked in, over to gavin for toolkit port.
Comment 7 :Gavin Sharp [email: gavin@gavinsharp.com] 2006-03-02 16:27:35 PST
Created attachment 213825 [details] [diff] [review]
toolkit patch (Firefox fix)

Port the patch for bug 158475 while I'm at it :)
Comment 8 Boris Zbarsky [:bz] 2006-03-02 16:34:43 PST
Note that this is probably needed on all 4 branches too, since bug 327078 landed on those.  Unless we're ok with breaking this on branches.
Comment 9 neil@parkwaycc.co.uk 2006-03-02 16:41:23 PST
Comment on attachment 213561 [details] [diff] [review]
Proposed patch (SeaMonkey fix, checked in on trunk and 1.8 and 1.8.0 branches)

Fix for regression from bug 327078.
Comment 10 :Gavin Sharp [email: gavin@gavinsharp.com] 2006-03-02 16:46:14 PST
Comment on attachment 213825 [details] [diff] [review]
toolkit patch (Firefox fix)

It'd be nice to not regress the JS console functionality for 1.5.0.2.
Comment 11 :Gavin Sharp [email: gavin@gavinsharp.com] 2006-03-02 16:49:56 PST
mozilla/toolkit/components/console/content/console.xul 	1.7
mozilla/toolkit/components/console/content/console.js 	1.4
mozilla/toolkit/components/console/content/blank.html 	1.1
mozilla/toolkit/components/console/jar.mn 	1.6 
Comment 12 neil@parkwaycc.co.uk 2006-03-03 01:53:21 PST
Comment on attachment 213561 [details] [diff] [review]
Proposed patch (SeaMonkey fix, checked in on trunk and 1.8 and 1.8.0 branches)

Checked into the MOZILLA_1_8_BRANCH.
Comment 13 neil@parkwaycc.co.uk 2006-03-03 04:03:35 PST
(In reply to comment #7)
>Port the patch for bug 158475 while I'm at it :)
Oddly I seem to be able to back out that patch without regressing the bug...
Comment 14 :Gavin Sharp [email: gavin@gavinsharp.com] 2006-03-05 14:10:05 PST
mozilla/toolkit/components/console/content/console.xul 	1.5.10.2
mozilla/toolkit/components/console/content/blank.html 	1.1.2.2
mozilla/toolkit/components/console/jar.mn 	1.5.18.1
mozilla/toolkit/components/console/content/console.js 	1.3.10.1
Comment 15 Bob Clary [:bc:] 2006-03-09 10:57:50 PST
fwiw, this makes it impossible to run some security tests on 1.5.0.2
Comment 16 Tim Riley [:timr] 2006-03-16 17:59:56 PST
After talking to the Release Team (dveditz, mscott, and others) we feel that the "proposed patch" directly affects Firefox and would require a respin.  The fix is important, but not worth a respin.  Should be a no brainer for 1.5.0.3

The "toolkit patch" can land as it is independent of Firefox.  We won't rebuild for this.  We will be building FF 1.5.0.2 based on tags from when QA started the final tests about a week or two ago.  But this allow Seamonkey to build off of this code.  If you request toolkit patch approval1.8.0.2, we will approve it to land now.
Comment 17 :Gavin Sharp [email: gavin@gavinsharp.com] 2006-03-16 18:08:08 PST
(In reply to comment #16)
> The "toolkit patch" can land as it is independent of Firefox.  We won't rebuild
> for this.

Just to be clear, the "toolkit patch" is the patch that affects Firefox - the "proposed patch" is Seamonkey-only.
Comment 18 neil@parkwaycc.co.uk 2006-03-17 05:42:32 PST
Comment on attachment 213561 [details] [diff] [review]
Proposed patch (SeaMonkey fix, checked in on trunk and 1.8 and 1.8.0 branches)

As per comment 16 rerequesting approval for SeaMonkey change to land in closed 1.8.0 branch.
Comment 19 Daniel Veditz [:dveditz] 2006-03-17 12:04:10 PST
Comment on attachment 213561 [details] [diff] [review]
Proposed patch (SeaMonkey fix, checked in on trunk and 1.8 and 1.8.0 branches)

approved for 1.8.0 branch, a=dveditz for drivers
Comment 20 Tim Riley [:timr] 2006-03-27 09:23:00 PST
Comment on attachment 213561 [details] [diff] [review]
Proposed patch (SeaMonkey fix, checked in on trunk and 1.8 and 1.8.0 branches)

It looks like ths landed o 3/17/06.  If so, please mark the bug with keyword: fixed1.8.0.2
Comment 21 Andrew Schultz 2006-03-27 10:29:19 PST
Tim: Only the SeaMonkey-only change landed on the 1_8_0 branch.  The toolkit version has not landed on the 1_8_0 branch.
Comment 22 Daniel Veditz [:dveditz] 2006-03-27 11:39:33 PST
adding fixed1.8.0.2 keyword because the seamonkey patch is checked in. This will also get a fixed1.8.0.3 keyword when the toolkit version is in. Sorry for all the confusion, but this is an edge case for the current way we're abusing bugzilla flags for branch tracking.
Comment 23 Daniel Veditz [:dveditz] 2006-04-03 12:18:26 PDT
Comment on attachment 213825 [details] [diff] [review]
toolkit patch (Firefox fix)

approved for 1.8.0 branch, a=dveditz for drivers
Comment 24 :Gavin Sharp [email: gavin@gavinsharp.com] 2006-04-03 13:56:11 PDT
Toolkit patch checked in on the 1_8_0 branch for Firefox 1.5.0.3.

mozilla/toolkit/components/console/jar.mn 	1.5.26.1
mozilla/toolkit/components/console/content/blank.html 	1.1.8.2
mozilla/toolkit/components/console/content/console.js 	1.3.18.1
mozilla/toolkit/components/console/content/console.xul 	1.5.10.1.4.1

Note You need to log in before you can comment on or make changes to this bug.