Closed
Bug 42482
Opened 24 years ago
Closed 24 years ago
window.alert() causing exceptions
Categories
(Core :: XUL, defect, P3)
Tracking
()
People
(Reporter: dan, Assigned: security-bugs)
Details
Attachments
(1 file)
741 bytes,
text/plain
|
Details |
see attached .xul for a sample window.alert. - save as c:\alerttest.xul - run: mozilla -console -chrome file://c:\alerttest.xul press the "press me" button. instead of an alert, an exception is generated. file:///C:/Workspace/eng/vib/research/tools/export/mpbuilder/chrome/vib/content/ alerttest.xul line 19: JavaScript error: line 0: uncaught exception: [Exception... "Failure" code: "-2147467259" nsresu lt: "0x80004005 (NS_ERROR_FAILURE)" location: "file:///C:/Workspace/eng/vib/res earch/tools/export/mpbuilder/chrome/vib/content/alerttest.xul Line: 19"]
Comment 2•24 years ago
|
||
XUL?
Assignee: don → ben
Component: XP Apps → XP Toolkit/Widgets: XUL
QA Contact: sairuh → jrgm
Comment 3•24 years ago
|
||
confirming. same js error shows up for me
Status: UNCONFIRMED → NEW
Ever confirmed: true
Comment 5•24 years ago
|
||
I assume this is a CAPS issue: the example will throw an exception when launched as './mozilla -chrome file:///foo.xul', but will work without error when either (1) loaded as browser content, or (2) loaded with './mozilla -chrome chrome://navigator/content/foo.xul'
Comment 6•24 years ago
|
||
giving to danm for triage, cc mstoltz for possible CAPS involvement
Assignee: trudelle → danm
This is totally a security issue. The problem is, the JS Alert() window is, internally, turned into a chrome url. CAPS disallows a document loaded from a file protocol from accessing a document using the chrome protocol. I'm not a security maven. I think there are situations where scripts are legitimately disallowed from throwing alerts. Whether this is one of them, I don't know. If not, we're going to have to come up with some clever scheme to distinguish CommonDialog chrome URLs from run-of-the-mill chrome URLs. Turning over to mstoltz for comment.
Assignee: danm → mstoltz
Assignee | ||
Comment 8•24 years ago
|
||
This is a known issue, and I have a temporary fix ready to go in until we can come up with a sensible chrome security policy. *** This bug has been marked as a duplicate of 42076 ***
Status: NEW → RESOLVED
Closed: 24 years ago
Resolution: --- → DUPLICATE
Component: XP Toolkit/Widgets: XUL → XUL
QA Contact: jrgmorrison → xptoolkit.widgets
You need to log in
before you can comment on or make changes to this bug.
Description
•