Closed Bug 656815 Opened 14 years ago Closed 14 years ago

javascript: URIs refuse to load when channel owner is null

Categories

(Core :: General, defect)

Product:
Core
Component:
General
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla6

People

(Reporter: Gavin, Assigned: Gavin)

References

Details

Attachments

(1 file, 2 obsolete files)

patch, with tests
4.79 KB, patch
bzbarsky
: review+
Details | Diff | Splinter Review
See bug 656433 comment 19 and subsequent comments. Once we disallow inheriting of principals for URIs entered in the location bar, it would be nice to continue to allow javascript URIs that simply produce output to continue to work, by having them run against a null principal.
Attached patch patch (obsolete) — Splinter Review
This seems to work (tested with the patch from bug 656433). Is it going to cause any security problems? I don't know!
Attachment #532084 - Flags: feedback?(bzbarsky)
Comment on attachment 532084 [details] [diff] [review] patch We actually depend on this code being the way it is to avoid running JS (even in a sandbox) in some contexts. I'd rather not change that behavior right now. For the bug 656433 thing, we'd want to get a null principal in docshell only.
Attachment #532084 - Flags: feedback?(bzbarsky) → feedback-
Attached patch patch (obsolete) — Splinter Review
As discussed on IRC.
Assignee: nobody → gavin.sharp
Attachment #532084 - Attachment is obsolete: true
Status: NEW → ASSIGNED
Attachment #532270 - Flags: review?(bzbarsky)
Attachment #532270 - Attachment is obsolete: true
Attachment #532270 - Flags: review?(bzbarsky)
Attachment #532274 - Flags: review?(bzbarsky)
Depends on: 656433
Comment on attachment 532274 [details] [diff] [review] patch, with tests r=me
Attachment #532274 - Flags: review?(bzbarsky) → review+
Appreciate this followup work -- my javascript: typing habits thank you! /be
http://hg.mozilla.org/mozilla-central/rev/2c977d6f8a75
Flags: in-testsuite+
Target Milestone: --- → mozilla6
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Note that there's still a slight annoyance here: the JS loaded in this scenario still won't have an associated window object, so thing like e.g. "javsacript:alert(1+1)" still won't work. We should probably get a followup filed to run them against about:blank somehow.
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: