
javascript: URIs refuse to load when channel owner is null

RESOLVED FIXED in mozilla6

Status


Core
General
RESOLVED FIXED
6 years ago
6 years ago

People

(Reporter: Gavin, Assigned: Gavin)

Tracking

unspecified
mozilla6
Points:
---
Bug Flags:
in-testsuite +

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment, 2 obsolete attachments)

See bug 656433 comment 19 and subsequent comments. Once we disallow inheriting of principals for URIs entered in the location bar, it would be nice to continue to allow javascript URIs that simply produce output to continue to work, by having them run against a null principal.
Created attachment 532084
patch

This seems to work (tested with the patch from bug 656433). Is it going to cause any security problems? I don't know!
Attachment #532084 - Flags: feedback?(bzbarsky)
Comment on attachment 532084
patch

We actually depend on this code being the way it is to avoid running JS (even in a sandbox) in some contexts.  I'd rather not change that behavior right now.

For the bug 656433 thing, we'd want to get a null principal in docshell only.
Attachment #532084 - Flags: feedback?(bzbarsky) → feedback-
Created attachment 532270
patch

As discussed on IRC.
Assignee: nobody → gavin.sharp
Attachment #532084 - Attachment is obsolete: true
Status: NEW → ASSIGNED
Attachment #532270 - Flags: review?(bzbarsky)
Created attachment 532274
patch, with tests
Attachment #532270 - Attachment is obsolete: true
Attachment #532270 - Flags: review?(bzbarsky)
Attachment #532274 - Flags: review?(bzbarsky)
Depends on: 656433
Comment on attachment 532274
patch, with tests

r=me
Attachment #532274 - Flags: review?(bzbarsky) → review+
Appreciate this followup work -- my javascript: typing habits thank you!

/be
http://hg.mozilla.org/mozilla-central/rev/2c977d6f8a75
Flags: in-testsuite+
Target Milestone: --- → mozilla6
Status: ASSIGNED → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED
Note that there's still a slight annoyance here: the JS loaded in this scenario still won't have an associated window object, so things like e.g. "javascript:alert(1+1)" still won't work. We should probably get a followup filed to run them against about:blank somehow.