Closed Bug 33803 Opened 26 years ago Closed 26 years ago

document.domain doesn't affect javascript: URL's

Categories

(Core :: Security, defect, P3)

Product:
Core
Component:
Security
Type:
defect

Tracking

()

Status:
VERIFIED FIXED

People

(Reporter: security-bugs, Assigned: security-bugs)

References

(
URL
)

Details

Click on a Javascript: URL on a page on which document.domain has been set, and the javascript: URL runs with the original domain. Look at http://warp/u/mstoltz/bugs/jsurl.http Principals for a javascript: URL are calculated from the URL of the referring page, not the principal of the referring page. Can we use the principal of the page instead? That way, any change to the principal (document.domain) will be relected when javascript: URLs are executed.
*** Bug 33759 has been marked as a duplicate of this bug. ***
Status: NEW → ASSIGNED
Will be fixed as part of javascript: protocol overhaul, reassigning to norris.
Assignee: mstoltz → norris
Status: ASSIGNED → NEW
Blocks: 30915
Status: NEW → ASSIGNED
Target Milestone: --- → M16
Bulk reassigning most of norris's bugs to mstoltz.
Assignee: norris → mstoltz
Status: ASSIGNED → NEW
Related to the javascript: URL referrer problem. Marking M17.
Status: NEW → ASSIGNED
Target Milestone: M16 → M17
Assigning QA to czhang
QA Contact: junruh → czhang
Fix for 31818 fixed this bug. Use the above URL as a testcase. (Internal, sorry). Marking FIXED.
URL: www.bmwusa.comhttp://warp.mcom.com/u/mstoltz/bugs/d...
Status: ASSIGNED → RESOLVED
Closed: 26 years ago
Resolution: --- → FIXED
verified.
Status: RESOLVED → VERIFIED
Flags: testcase+
Flags: in-testsuite+ → in-testsuite?
You need to log in before you can comment on or make changes to this bug.