Closed Bug 42506 Opened 25 years ago Closed 25 years ago

be able to get applet object through cross-domain

Categories

(Core :: Security, defect, P3)

x86
Windows NT
defect

Tracking

()

VERIFIED FIXED

People

(Reporter: czhang, Assigned: security-bugs)

References

()

Details

(Whiteboard: [nsbeta2+])

Load 6/14 M17 build.

1. Go to http://cathyz/origin/applet.html
2. Wait for a while, see an alert box displaying the applet object. That is OK, it is accessing the object in the same domain.
3. Click the applet button on one of the windows. It is not supposed to get the applet object, since it is grabbing the object from a different domain, but I am getting it even though I see the JavaScript error (does not say what error) in the console.

On NS4.7, I am not able to get the applet; it says access denied.

---------------http://cathyz/origin/applet.html-------------------------------
<html>
<script>
// document.watch("domain", function(p, o, n){return n;});
// document.domain = "http://cathyz2";
var a=window.open("http://cathyz2/sameori/applet.html", "newin");
function go() {
  alert(a.document.applets[0]);
}
</script>
<body>
<form>
<input type=button value="applet" onClick="go()">
</form>
</body>
</html>

------------------http://cathyz2/sameori/applet.html----------------
<html>
<script>
setTimeout("alert(document.applets[0]);", 6000);
</script>
<body>
<APPLET codebase="http://marvin.mcom.com/ngdriver/suites/res/" CODE="parbanner.class" HEIGHT=60 WIDTH=800>
<PARAM NAME="bgcolor" VALUE="f00f00">
<PARAM NAME="fgcolor" VALUE="bedace">
<PARAM NAME="message" VALUE="The applet! She is running! (And there was much rejoicing.)">
</APPLET>
</body>
</html>
Looks like we either need to add a security check for applets, or default to sameOrigin (28443).
Depends on: 28443
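The two options named in the comment above (an explicit security check for applets, or a sameOrigin default), modelled as an added example that is not Mozilla's code and not part of the original report. The policy table, rule names and `canAccess` are hypothetical; the URLs are the two pages from the report.

```javascript
// Illustrative model only: names and policy shape are assumptions, not Mozilla's code.
// Origin = scheme + host + port, as compared by a same-origin check.
function originOf(url) {
  const u = new URL(url);
  const port = u.port || (u.protocol === "https:" ? "443" : "80");
  return `${u.protocol}//${u.hostname}:${port}`;
}

function sameOrigin(a, b) {
  return originOf(a) === originOf(b);
}

// Hypothetical per-property policy table. "document.applets" has no entry,
// which models the missing security check described in the report.
const propertyPolicy = {
  "document.forms": "sameOrigin",
  "document.cookie": "sameOrigin",
  "window.closed": "allAccess",
};

// defaultPolicy decides what happens to properties that nobody listed.
function canAccess(callerUrl, targetUrl, property, defaultPolicy, policy = propertyPolicy) {
  const rule = policy[property] ?? defaultPolicy;
  if (rule === "allAccess") return true;
  if (rule === "sameOrigin") return sameOrigin(callerUrl, targetUrl);
  return false; // unknown rule names fail closed
}

// Constructed inputs: the opener page and the popup page from the report.
const opener = "http://cathyz/origin/applet.html";
const popup = "http://cathyz2/sameori/applet.html";

function demo() {
  return {
    // Allow-by-default: the unlisted property is readable across origins.
    leakyDefault: canAccess(opener, popup, "document.applets", "allAccess"),
    // Option 1: add an explicit check for applets.
    explicitCheck: canAccess(opener, popup, "document.applets", "allAccess",
      { ...propertyPolicy, "document.applets": "sameOrigin" }),
    // Option 2: default to sameOrigin for anything unlisted.
    safeDefault: canAccess(opener, popup, "document.applets", "sameOrigin"),
    // The popup reading its own applet is still allowed.
    selfAccess: canAccess(popup, popup, "document.applets", "sameOrigin"),
  };
}

console.log(demo());
```

With a sameOrigin default, a property that nobody remembered to list fails closed instead of open, which is why the second option also covers properties added later.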
Status: NEW → ASSIGNED
Nominating nsbeta2.
Keywords: nsbeta2
Target Milestone: --- → M17
nsbeta2+
Whiteboard: [nsbeta2+]
I think this is fixed. Cathy, can you confirm?
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
It is fixed
Status: RESOLVED → VERIFIED