Closed Bug 664688 Opened 13 years ago Closed 12 years ago

JavaScript evaluation "permission denied" after navigation to a different domain

Categories

(DevTools :: Console, defect, P1)

Product:
DevTools
Component:
Console
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED
Milestone:
Firefox 15

People

(Reporter: msucan, Assigned: msucan)

Details

(Whiteboard: [fixed-in-fx-team])

Attachments

(1 file)

proposed fix
8.89 KB, patch
past
: review+
Details | Diff | Splinter Review 
STR:

1. Open a tab.
2. Go to www.google.com.
3. Open the Web Console.
4. Execute: window.location.href; (it works)
5. Go to www.mozilla.com.
6. Execute the same code as in step 3. (it works)
7. Press the history back button or Alt-Left, to go back to Google.
8. Execute the same code a sin step 3.

Expected result: it works.

Actual result: [13:45:33.028] Error: Permission denied to access property 'href'.

Problem: location changes are not detected by the Web Console if the page doesn't reload (bfcached).

Code problem: we need to call hud.reattachConsole(newWindowObject) when the location change is detected, such that the sandbox is updated. Please see the ConsoleProgressListener in HUDService.jsm and how HUDService.windowInitializer() calls hud.reattachConsole() when needed (for top level windows only).

This bug can be reproduced with Firefox 4+, including Fx7 nightlies.
This bug is fixed by the work being done in bug 673148.
filter on pegasus.
Priority: -- → P2
This works for me in current Nightly.
I can still reproduce the bug. Local Firefox build from today's fx-team repo (running on Linux).
Assignee: nobody → mihai.sucan
Status: NEW → ASSIGNED
Component: Developer Tools → Developer Tools: Console
QA Contact: developer.tools → developer.tools.console
Attached patch proposed fixSplinter Review 
Proposed fix.

Track the sandbox location. Recreate the sandbox whenever the page location is changed. Included a test that I hope won't introduce oranges.

Try push:
https://tbpl.mozilla.org/?tree=Try&rev=517f806346ee
Attachment #629586 - Flags: review?(past)
Before the Web Console async patches (bug 673148) we were tracking the content window global creation and we were updating the sandbox whenever a new global was created for the tabs where web consoles were open. However, go back/forward did not invoke the listener we had, because no content window global was created, it was just going through previous pages stored in memory. Sandbox evaluation failed because attempts were considered to be cross-domain - every sandbox we create is associated to a specific window object and we get the page permissions in the sandbox.

Now with the Web Console async patches landed even normal navigation to a page from a different domain causes the "permission denied" error. The STR in comment 0 fails at step 6.

The proposed fix is simple, well understood (hopefully), risk free and it's not a rush job - it's how I'd see it fixed. Different proposals are welcome.

Looking forward to your review. Thank you!
Priority: P2 → P1
Summary: Web Console fails to track page back/forward → JavaScript evaluation "permission denied" after navigation to a different domain
Comment on attachment 629586 [details] [diff] [review]
proposed fix

Review of attachment 629586 [details] [diff] [review]:
-----------------------------------------------------------------

Looks good, thanks for the detailed description of the changes!
Attachment #629586 - Flags: review?(past) → review+
https://hg.mozilla.org/mozilla-central/rev/482e07a4fb05
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 15
Product: Firefox → DevTools
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: