JavaScript evaluation "permission denied" after navigation to a different domain

RESOLVED FIXED in Firefox 15



Developer Tools: Console
6 years ago
5 years ago


(Reporter: msucan, Assigned: msucan)


Firefox 15

Firefox Tracking Flags

(Not tracked)


(Whiteboard: [fixed-in-fx-team])


(1 attachment)



6 years ago

1. Open a tab.
2. Go to
3. Open the Web Console.
4. Execute: window.location.href; (it works)
5. Go to
6. Execute the same code as in step 3. (it works)
7. Press the history back button or Alt-Left, to go back to Google.
8. Execute the same code a sin step 3.

Expected result: it works.

Actual result: [13:45:33.028] Error: Permission denied to access property 'href'.

Problem: location changes are not detected by the Web Console if the page doesn't reload (bfcached).

Code problem: we need to call hud.reattachConsole(newWindowObject) when the location change is detected, such that the sandbox is updated. Please see the ConsoleProgressListener in HUDService.jsm and how HUDService.windowInitializer() calls hud.reattachConsole() when needed (for top level windows only).

This bug can be reproduced with Firefox 4+, including Fx7 nightlies.

Comment 1

6 years ago
This bug is fixed by the work being done in bug 673148.
filter on pegasus.
Priority: -- → P2

Comment 3

5 years ago
This works for me in current Nightly.

Comment 4

5 years ago
I can still reproduce the bug. Local Firefox build from today's fx-team repo (running on Linux).


5 years ago
Assignee: nobody → mihai.sucan
Component: Developer Tools → Developer Tools: Console
QA Contact: →

Comment 5

5 years ago
Created attachment 629586 [details] [diff] [review]
proposed fix

Proposed fix.

Track the sandbox location. Recreate the sandbox whenever the page location is changed. Included a test that I hope won't introduce oranges.

Try push:
Attachment #629586 - Flags: review?(past)

Comment 6

5 years ago
Before the Web Console async patches (bug 673148) we were tracking the content window global creation and we were updating the sandbox whenever a new global was created for the tabs where web consoles were open. However, go back/forward did not invoke the listener we had, because no content window global was created, it was just going through previous pages stored in memory. Sandbox evaluation failed because attempts were considered to be cross-domain - every sandbox we create is associated to a specific window object and we get the page permissions in the sandbox.

Now with the Web Console async patches landed even normal navigation to a page from a different domain causes the "permission denied" error. The STR in comment 0 fails at step 6.

The proposed fix is simple, well understood (hopefully), risk free and it's not a rush job - it's how I'd see it fixed. Different proposals are welcome.

Looking forward to your review. Thank you!
Priority: P2 → P1
Summary: Web Console fails to track page back/forward → JavaScript evaluation "permission denied" after navigation to a different domain
Comment on attachment 629586 [details] [diff] [review]
proposed fix

Review of attachment 629586 [details] [diff] [review]:

Looks good, thanks for the detailed description of the changes!
Attachment #629586 - Flags: review?(past) → review+
Whiteboard: [fixed-in-fx-team]
Last Resolved: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 15
You need to log in before you can comment on or make changes to this bug.