Closed
Bug 48983
Opened 24 years ago
Closed 24 years ago
4.x DOM restrictions
Categories
(Core :: Security: CAPS, defect, P4)
Core
Security: CAPS
Tracking
()
VERIFIED
FIXED
M18
People
(Reporter: security-bugs, Assigned: jat)
References
Details
(Whiteboard: [nsbeta3+])
My Javascript book (and the old Web documentation on Devedge) lists a bunch of things that unsigned scripts should not have access to (FileUpload objects, event objects, window opening/closing restrictions, etc.) Need to make sure all of these restrictions are still enforced.
Reporter | ||
Updated•24 years ago
|
Updated•24 years ago
|
Priority: P3 → P4
Whiteboard: [nsbeta3+]
Comment 1•24 years ago
|
||
Lower priority, but beta3+.
Assignee | ||
Updated•24 years ago
|
Status: NEW → ASSIGNED
Assignee | ||
Comment 3•24 years ago
|
||
(Comprehensive) List of JS things requiring signing: -- History object * Properties: current, next, previous * Methods: toString() -- FileUpload object * Property: value (write access only) -- Form object * Property: action (set URL to 'mailto:' or 'news:') -- Window object * Properties: innerHeight, innerWidth, outerHeight, outerWidth, screenX, screenY all subject to screen size (window can not be set to <100px) * Method: close() can not close last window (exiting program) -- Browser Display * Modifying the chrome of the browser (taskbar, toolbar, etc..) -- about:... * Page should only be able to access about:blank -- Event Object * Property: data, used for dragdrop -- Cross domain events * enableExternalCapture -- Preference read/write This list comes from published documentation on JS security (JavaScript: The Definitive Guide [O'Reilly], DevEdge docs, Mozilla docs) I know that Preferences, history, move & resize all currently need privileges. I will check others. I am not sure how to use JS to modify chrome elements, though I do know chrome in general is being checked elsewhere. about:__ depends on bug #13291. As of today, self.close() can quit browser.
Assignee | ||
Comment 4•24 years ago
|
||
Marking fixed. The DOM restrictions work in mozilla, with the exception of window.close closing the browser (bug 32571). Should the window.close issue be escalated for PR3? It does seem like an important issue.
Status: ASSIGNED → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
Comment 5•24 years ago
|
||
John could you verify this bug - Thanks Changing QA contact to junruh@netscape.com
Updated•24 years ago
|
QA Contact: czhang → junruh
Updated•18 years ago
|
Flags: testcase+
Updated•17 years ago
|
Flags: in-testsuite+ → in-testsuite?
You need to log in
before you can comment on or make changes to this bug.
Description
•