Closed
Bug 470321
Opened 11 years ago
Closed 5 years ago
Security exception with document.styleSheets.cssRules (was 'Cannot view trailers')
Categories
(Web Compatibility :: Desktop, defect, P2)
P2
Tracking
(Not tracked)
RESOLVED
WORKSFORME
People
(Reporter: bufftallica, Unassigned)
References
()
Details
(Keywords: top100)
Attachments
(1 file)
652 bytes,
application/octet-stream
|
Details |
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1b2) Gecko/20081201 Firefox/3.1b2 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1b2) Gecko/20081201 Firefox/3.1b2 QuickTime doesn't work properly. For instance, it will open but no trailer will play. Reproducible: Sometimes Steps to Reproduce: 1.Go to apple.com/trailers 2.Try to view any trailer at any quality rate. Actual Results: Quick time opens and the movie trailer cannot be played back. Expected Results: Played the trailer.
Reporter | ||
Updated•11 years ago
|
Version: unspecified → 3.1 Branch
Comment 1•11 years ago
|
||
Just noticed this today on my Mac. Firefox 3.1, Build 20081201061100. Have Adblock installed but whitelisted the whole site just in case. Have noticed as well that sites sometimes don't think I have Flash installed (same build). Not sure if this is related. See http://www.theweathernetwork.com/fourteenday/cabc0402 Sorry if that is unrelated.
This is a Firefox bug. No extensions required. Happens on all platforms. The following exception appears in Error Console: Error: uncaught exception: [Exception... "Security error" code: "1000" nsresult: "0x805303e8 (NS_ERROR_DOM_SECURITY_ERR)" location: "http://movies.apple.com/trailers/scripts/trailer.js Line: 459"] It is also a regression, but I don't have time to search for the regression range.
Flags: blocking-firefox3.1?
By the way, this also happens on the nightly trunk builds Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2a1pre) Gecko/20090302 Minefield/3.2a1pre ID:20090302033741
Comment 4•11 years ago
|
||
Hm. I see this, but only on the large size trailers. Medium and small works fine for me. When I try large, I get the Quicktime-Questionmark icon. I had been assuming it was caching errors, but I see the same error in the console
Line 459 is:
function preloadCssImages() {
var styles = '';
$A(document.styleSheets).each(function(sheet, i) {
if(i != 0) {
if(!AC.Detector.isIE()) {
>> $A(sheet.cssRules).each(function(rule, i) {
styles+=rule.cssText
})
} else {
styles+=sheet.cssText;
}
}
});
Which makes me suspect that this is a UA sniffing thing.
Works with and without JITing.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Comment 5•11 years ago
|
||
Sorry - "happens" and without JITing on, is what I meant.
Updated•11 years ago
|
Flags: blocking-firefox3.1?
Keywords: regression,
regressionwindow-wanted
Product: Firefox → Core
QA Contact: general → general
Version: 3.1 Branch → Trunk
Updated•11 years ago
|
Flags: blocking1.9.1?
Comment 6•11 years ago
|
||
So it looks like we're throwing a DOM security error here when the script attempts to grab stylesheets. Is it possible that this is running into problems due to new DOM security restrictions?
Component: General → DOM
QA Contact: general → general
Updated•11 years ago
|
Summary: Cannot view trailers. → Security exception with document.styleSheets.cssRules (was 'Cannot view trailers')
Comment 7•11 years ago
|
||
Sounds like a blocker to me.
Flags: blocking1.9.1? → blocking1.9.1+
Priority: -- → P2
Target Milestone: --- → mozilla1.9.1
On further investigation, this is NOT a Minefield regression. It is entirely Apple's doing and as Mike Beltzner stated, "a UA sniffing thing." Scanning the code at issue, trailer.js, it is almost as though Apple is thumbing their noses at every browser but Safari, IE, and iPhone. I see nothing there that suggests any effort to support any other browser; but then, I'm practically a JavaScript virgin. :-) So this might be an evangelism bug, unless there is something the devs see an actual bug somewhere.
Over to tech evangelism then. Let me know if you need contacts at apple.
Assignee: nobody → english-us
Component: DOM → English US
Flags: blocking1.9.1+
Product: Core → Tech Evangelism
QA Contact: general → english-us
Target Milestone: mozilla1.9.1 → ---
Version: Trunk → unspecified
Comment 10•11 years ago
|
||
(In reply to comment #9) > Over to tech evangelism then... Please also remove the Keywords: "regression" and "regressionwindow-wanted"
Updated•11 years ago
|
Keywords: regression,
regressionwindow-wanted
Comment 11•10 years ago
|
||
This should be marked RESOLVED. Issue no longer exists.
Comment 12•10 years ago
|
||
I see this running while running Mozilla/5.0 (Windows; U; WindowsCE 6.0; en-US; rv:1.9.2a2pre) Gecko/20090904 Namoroka/3.6a2pre
Comment 13•10 years ago
|
||
I have managed to produce a simple test case to reproduce this. The problem no longer exists on the Apple site so I don't know if this is exactly the same issue that they had, but it is the same symptoms (attempting to reference cssRules produces security error 1000). The test case contains an external CSS file, some JavaScript to count the rules in the CSS file and a button to run the JavaScript. function countRules() { var link = document.getElementById("testSheet"); var sheet = link.sheet; var rules = sheet.cssRules; alert("There are " + rules.length + " rules in the stylesheet."); } The key to making this fail is to modify document.domain (in this case I just do document.domain = document.domain). Once this is done, all attempts to access sheet.cssRules produce a security error. So, load the test page and click "Count Rules". An alert tells you there are two rules. Now click "Set Domain" and try the count again. The test case is attached. You can also view it at http://www.ivanpeters.com/tmp/cssRulesTest.html Ivan
Comment 14•7 years ago
|
||
Why is this considered an evangelism bug? It is an actual bug: 1. document.styleSheets[index].cssRules throws an exception if a stylesheet is loaded from another domain. 2. Exception is thrown for every stylesheet after modifying document.domain. This prevents from parsing actual CSS; nowadays it is a common practice to host CSS on another (sub)domain or CDN. Specs (http://www.w3.org/TR/DOM-Level-2-Style/css.html, http://dev.w3.org/csswg/cssom) do not say anything about such security restrictions.
![]() |
||
Comment 15•5 years ago
|
||
The site has possibly changed a couple of times design since the opening of this bug. Going to the current site doesn't exhibit any issues in the logs.
Assignee: english-us → nobody
Status: NEW → RESOLVED
Closed: 5 years ago
Component: English US → Desktop
Resolution: --- → WORKSFORME
Assignee | ||
Updated•10 months ago
|
Product: Tech Evangelism → Web Compatibility
You need to log in
before you can comment on or make changes to this bug.
Description
•