Last Comment Bug 42482 - window.alert() causing exceptions
: window.alert() causing exceptions
Status: VERIFIED DUPLICATE of bug 42076
Product: Core
Classification: Components
Component: XUL (show other bugs)
: Trunk
: x86 Windows 2000
P3 critical (vote)
: ---
Assigned To: Mitchell Stoltz (not reading bugmail)
: Neil Deakin
Depends on:
  Show dependency treegraph
Reported: 2000-06-14 07:57 PDT by dan
Modified: 2008-07-31 02:54 PDT (History)
1 user (show)
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---

save as c:\alerttest.xul (741 bytes, text/plain)
2000-06-14 07:58 PDT, dan
no flags Details

Description User image dan 2000-06-14 07:57:33 PDT
see attached .xul for a sample window.alert.

- save as c:\alerttest.xul
- run: mozilla -console -chrome file://c:\alerttest.xul

press the "press me" button. instead of an alert, an exception
is generated.

alerttest.xul line 19:

JavaScript error:
 line 0: uncaught exception: [Exception... "Failure"  code: "-2147467259" nsresu
lt: "0x80004005 (NS_ERROR_FAILURE)"  location: "file:///C:/Workspace/eng/vib/res
earch/tools/export/mpbuilder/chrome/vib/content/alerttest.xul Line: 19"]
Comment 1 User image dan 2000-06-14 07:58:08 PDT
Created attachment 10108 [details]
save as c:\alerttest.xul
Comment 2 User image sairuh (rarely reading bugmail) 2000-06-14 10:18:39 PDT
Comment 3 User image Stephen Walker 2000-06-14 13:30:19 PDT
confirming. same js error shows up for me
Comment 4 User image don 2000-06-14 16:25:07 PDT
Why was this assigned to Ben?
Comment 5 User image John Morrison 2000-06-14 16:40:35 PDT
I assume this is a CAPS issue: the example will throw an exception when 
launched as './mozilla -chrome file:///foo.xul', but will work without 
error when either (1) loaded as browser content, or (2) loaded with 
'./mozilla -chrome chrome://navigator/content/foo.xul'
Comment 6 User image Peter Trudelle 2000-06-15 17:02:26 PDT
giving to danm for triage, cc mstoltz for possible CAPS involvement
Comment 7 User image Dan M 2000-06-15 20:22:25 PDT
  This is totally a security issue. The problem is, the JS Alert() window is, 
internally, turned into a chrome url. CAPS disallows a document loaded from a 
file protocol from accessing a document using the chrome protocol.
  I'm not a security maven. I think there are situations where scripts are 
legitimately disallowed from throwing alerts. Whether this is one of them, I 
don't know. If not, we're going to have to come up with some clever scheme to 
distinguish CommonDialog chrome URLs from run-of-the-mill chrome URLs. Turning 
over to mstoltz for comment.
Comment 8 User image Mitchell Stoltz (not reading bugmail) 2000-06-15 20:53:48 PDT
This is a known issue, and I have a temporary fix ready to go in until we can
come up with a sensible chrome security policy.

*** This bug has been marked as a duplicate of 42076 ***
Comment 9 User image John Morrison 2000-06-15 23:06:49 PDT
verified duplicate.

Note You need to log in before you can comment on or make changes to this bug.