document.write does not work in devtools scratchpad and console




Developer Tools
6 years ago
a year ago


(Reporter: Tobbi, Unassigned)



Firefox Tracking Flags

(Not tracked)


(Whiteboard: [testday-20110610])


(1 attachment)



6 years ago
When entering document.write("Something") inside the Scratchpad, you keep getting the not very descriptive error message 'Security error undefined'.

1. Go to Nightly > Web Developer > Scratchpad.
2. Enter document.write("test"); into the window and press Ctrl+R in order to run the code.
3. You get 'Security error undefined' in the Web Console window.

Expected behavior:
More descriptive error message. Web console window brings up 
[17:50:54.781] document.write("test");
[17:50:54.785] [Exception... "Security error"  code: "1000" nsresult: "0x805303e8 (NS_ERROR_DOM_SECURITY_ERR)"  location: "Web Console Line: 1"]
When doing this in Aurora I get

[16:45:11.093] An attempt was made to use an object that is not, or is no longer, usable

for doing the same steps as Tobbi
FWIW, the same security error is present in Firefox 4.0.1.

Comment 3

6 years ago
(In reply to comment #1)
> When doing this in Aurora I get
> --
> [16:45:11.093] An attempt was made to use an object that is not, or is no
> longer, usable
> undefined:1
> for doing the same steps as Tobbi

This error seems reasonable to me.
Depends on: 632796

Comment 4

6 years ago
I get the same nasty message as the reporter in the latest nightly...

Comment 5

6 years ago
Created attachment 558649 [details]
gdb backtrace from calling document.write(1)

This appears to be another bug from running WebConsole / ScratchPad in a sandbox. I've attached gdb output from running document.write(1) in Web Console. The problematic lines of code are in nsHTMLDocument.cpp [1]

1572   // Note: We want to use GetDocumentFromContext here because this document
1573   // should inherit the security information of the document that's opening us,
1574   // (since if it's secure, then it's presumably trusted).
1575   nsCOMPtr<nsIDocument> callerDoc =
1576     do_QueryInterface(nsContentUtils::GetDocumentFromContext());
1577   if (!callerDoc) {
1578     // If we're called from C++ or in some other way without an originating
1579     // document we can't do a w/o changing the principal of the
1580     // document to something like about:blank (as that's the only sane thing to
1581     // do when we don't know the origin of this call), and since we can't
1582     // change the principals of a document for security reasons we'll have to
1583     // refuse to go ahead with this call.
1585     return NS_ERROR_DOM_SECURITY_ERR;
1586   }

nsContentUtils::GetDocumentFromContext() returns NULL/0x0 due to nsJSUtils::GetDynamicScriptGlobal(cx) being NULL like in bug# 647727 . [2]

[1] -
[2] -
Out of curiosity, what's the intended result for a document.write from the web console or scratchpad? It's going to blow away the current document in favor of a new one (in fact, if you look at the stacktrace, it's that's throwing the exception). I suspect that this is pretty strongly related to bug 647727.

Comment 7

6 years ago
FWIW, Firebug and Chrome both blow away the document. They also appear to both get into mostly useless states (the HTML panel in Firebug is empty, in Chrome it's got the old document). The new document is accessible via the console though.

So, it seems like that is the behavior people are expecting. I'd be curious to know what tasks people are trying to accomplish by doing document.write in those contexts...
Duplicate of this bug: 632796
This is also an issue with the web console.
now I just get the more awesome:

Exception: The operation is insecure.

in Scratchpad. Nothing on the consoles.
Component: Developer Tools → Developer Tools: Scratchpad
Priority: -- → P3
This is back to producing the error "Exception: An attempt was made to use an object that is not, or is no longer, usable", maybe as a result of bug 825039 landing?
This error is present in the toolbar as well as in scratchpad. Should we move it back to the generic devtools component?
I also think this bug (and the main problem) is about the document.write method not working, not necessarily about the error message itself.
I will change it accordingly.
Component: Developer Tools: Scratchpad → Developer Tools
Summary: Using document.write inside Scratchpad window brings up 'Security error undefined' in Web Console → document.write does not work in devtools scratchpad and console

Comment 13

3 years ago
Will this bug be fixed for Firefox console and scrathpad? Firebug console on Firefox or Chrome/Chromium console can use document.write without problem.

Comment 14

a year ago
It seems fixed, I can use document.write(document.body.innerHTML) in the console of latest Firefox. Tested on Firefox 44.0 on Xubuntu 14.04 LTS and Tor Browser 5.0.4 (based on Mozilla Firefox 38.4.0). Anyone knows since which version it is fixed?

Comment 15

a year ago
Also works on Firefox Scratchpad. PS: document.write(document.body.innerHTML) is useful to force HTML displays if Firefox is showing a blank web page when some assets are not loading but the source code has already been loaded. Here is an alternative I used when the bug was present: document.location = "data:text/html;charset=utf-8," + encodeURIComponent(document.body.innerHTML)
I agree it appears to work now.  Thanks for testing again!
Last Resolved: a year ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.