Closed Bug 424066 Opened 15 years ago Closed 15 years ago

CheckSameOriginURI reports spurious error during routine internal comparison

Categories

(Core :: DOM: Core & HTML, defect)

defect
Not set
normal

Tracking

()

RESOLVED FIXED
mozilla1.9beta5

People

(Reporter: shaver, Assigned: shaver)

Details

Attachments

(1 file)

Another in the tradition of bug 246699: even with that patch, you can get errors that don't have context information, though it looks like the GetPropertyDenied code should be going through the SetPendingException code.  Could be the "%hs" in the specifier?
I have no idea what I was thinking when I summarized this bug.

The problem is that nsScriptSecurityManager::CheckSameOriginURI always calls ReportError with a null cx, which means no informative exception, just an error console spew.  Could maybe get away with using the context thread stack, but I wonder if our error messages would actually be useful there.
Summary: "Error: Access denied to get property/set property/create wrapper/call method" doesn't have context information → "may not load data from" error doesn't have context
Mike, the right solution here is to have the caller (the DOM error reporter function) pass PR_FALSE for the last argument and report the correct error itself.  That correct error being that we're leaving information off the onerror event becase it's firing cross-origin.

That's assuming we want to report this at all.

In fact, I'd say we want to move toward having CheckSameOriginURI never report anything.
Yeah, that's the patch that mrbkap suggested, and that I'm trying to figure out how to mochitest now.
Fixing summary.
Assignee: shaver → nobody
Component: Security: CAPS → DOM
QA Contact: caps → general
Summary: "may not load data from" error doesn't have context → CheckSameOriginURI reports spurious error during routine internal comparison
bz and mrbkap both suggested this patch, so asking either of them for review.

https://bugzilla.mozilla.org/show_bug.cgi?id=424974 tracks the test infrastructure for making sure we don't regress.

I'd love to get this simple fix into b5, to eliminate one  way our error reporting can send extension authors off into the weeds while they're updating their extension for FF3.  It's already wasted too much of John Barton's scarce time as it is!

(Sadly, other such cases remain, but I'm not done yet with FF3.)
Assignee: nobody → shaver
Status: NEW → ASSIGNED
Attachment #311574 - Flags: superreview?(bzbarsky)
Attachment #311574 - Flags: review?(mrbkap)
Attachment #311574 - Flags: approval1.9b5?
Attachment #311574 - Flags: superreview?(bzbarsky) → superreview+
Comment on attachment 311574 [details] [diff] [review]
make NS_ScriptErrorReporter not whine about inequal origin URLs when constructing exceptions

a1.9b5=beltzner
Attachment #311574 - Flags: review?(mrbkap)
Attachment #311574 - Flags: approval1.9b5?
Attachment #311574 - Flags: approval1.9b5+
Landed for b5 with beltzner's blessing.

Checking in dom/src/base/nsJSEnvironment.cpp;
/cvsroot/mozilla/dom/src/base/nsJSEnvironment.cpp,v  <--  nsJSEnvironment.cpp
new revision: 1.397; previous revision: 1.396
done
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla1.9beta5
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.