Closed Bug 48983 Opened 24 years ago Closed 24 years ago

4.x DOM restrictions

Categories

(Core :: Security: CAPS, defect, P4)

Tracking

VERIFIED FIXED

People

(Reporter: security-bugs, Assigned: jat)

Details

(Whiteboard: [nsbeta3+])

My JavaScript book (and the old Web documentation on DevEdge) lists a bunch of
things that unsigned scripts should not have access to (FileUpload objects, event
objects, window opening/closing restrictions, etc.). Need to make sure all of
these restrictions are still enforced.
Keywords: nsbeta3
OS: Mac System 8.5 → All
Hardware: Macintosh → All
Target Milestone: --- → M18
Depends on: 32571
Priority: P3 → P4
Whiteboard: [nsbeta3+]
Lower priority, but beta3+.
->jtaylor
Assignee: mstoltz → jtaylor
Status: NEW → ASSIGNED
(Comprehensive) List of JS things requiring signing:

-- History object
    * Properties: current, next, previous
    * Methods: toString()

-- FileUpload object
    * Property: value (write access only)

-- Form object
    * Property: action (set URL to 'mailto:' or 'news:')

-- Window object
    * Properties: innerHeight, innerWidth, outerHeight, outerWidth, screenX, screenY all subject to screen size (window can not be set to <100px)
    * Method: close() can not close last window (exiting program)

-- Browser Display
    * Modifying the chrome of the browser (taskbar, toolbar, etc.)

-- about:...
    * Page should only be able to access about:blank

-- Event Object
    * Property: data, used for dragdrop

-- Cross domain events
    * enableExternalCapture

-- Preference read/write


This list comes from published documentation on JS security (JavaScript: The
Definitive Guide [O'Reilly], DevEdge docs, Mozilla docs).

I know that Preferences, history, move & resize all currently need privileges. I
will check others. I am not sure how to use JS to modify chrome elements, though
I do know chrome in general is being checked elsewhere. about:__ depends on bug
#13291. As of today, self.close() can quit browser.
Marking fixed. The DOM restrictions work in mozilla, with the exception of 
window.close closing the browser (bug 32571). Should the window.close issue be 
escalated for PR3? It does seem like an important issue.
Status: ASSIGNED → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
John, could you verify this bug? Thanks.
Changing QA contact to junruh@netscape.com
QA Contact: czhang → junruh
Verified on windows build.
Status: RESOLVED → VERIFIED
Flags: testcase+
Flags: in-testsuite+ → in-testsuite?