Closed Bug 769182 Opened 8 years ago Closed 8 years ago

Cross-origin window.open calls in <iframe mozbrowser> don't load the src

Categories

(Firefox OS Graveyard :: General, defect)

defect
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: etienne, Assigned: justin.lebar+bug)

References

Details

Attachments

(2 files)

If we don't

  evt.detail.frameElement.src = evt.detail.url;

Nothing loads.
Blocks: 742944
Hm.  I test this in dom/browser-element/mochitest/browserElement_OpenWindow.js, and it seems to work.  I'll have a look at the relevant Gaia code...
Testing in desktop b2g: If I don't set src in popup_manager.js, I indeed get a blank popup.  But if the popup sends alerts, we still get them (try clicking on window.open(url, name, 'background')).  (This is what my test is checking for.)

So it seems that the page is /loaded/, but is not /displayed/.
Assignee: nobody → justin.lebar+bug
Summary: Gaia still need to load the url itself with window.open in <iframe mozbrowser> → If the page inside <iframe mozbrowser> does window.open and then the embedder doesn't set iframe.src, the page loads, but is not displayed
(In reply to Justin Lebar [:jlebar] from comment #2)
> Testing in desktop b2g: If I don't set src in popup_manager.js, I indeed get
> a blank popup.  But if the popup sends alerts, we still get them (try
> clicking on window.open(url, name, 'background')).  (This is what my test is
> checking for.)
> 

If you open with the "background" feature the popup_manager.js will not see it. The background_service.js will.
> If you open with the "background" feature the popup_manager.js will not see it. The 
> background_service.js will.

Oh.  That's a lot more sensible...
Okay, we're failing nsDocShell::CheckLoadingPermissions.
Summary: If the page inside <iframe mozbrowser> does window.open and then the embedder doesn't set iframe.src, the page loads, but is not displayed → If the page inside <iframe mozbrowser> does window.open and then the embedder doesn't set iframe.src, the page doesn't load
So here's how to write a failing test for this:

 1) Test page is at origin A.
 2) Create <iframe mozbrowser id="b"> at origin B.
 3) b calls window.open(origin C), creating <iframe mozbrowser id="c">.

In fact, origin B can equal origin C and the test will still fail -- what's important is that origin A != origin B.  The reason is, when we create iframe c, it initially has an about:blank page with principal A, which it gets from its parent (until I change this in bug 764718)!  So then the same-origin check succeeds if A == C.
Attached patch Patch v1Splinter Review
Attachment #638495 - Flags: review?(bzbarsky)
Attached patch Part 2: TestsSplinter Review
Attachment #638496 - Flags: review?(bzbarsky)
Summary: If the page inside <iframe mozbrowser> does window.open and then the embedder doesn't set iframe.src, the page doesn't load → Cross-origin window.open calls in <iframe mozbrowser> don't load the src
Pull request to fix the damage from this bug in Gaia: https://github.com/mozilla-b2g/gaia/pull/2124
Comment on attachment 638495 [details] [diff] [review]
Patch v1

Actually, this patch is entirely reverted in bug 771273, so I don't need a review here.
Attachment #638495 - Flags: review?(bzbarsky)
Depends on: 771273
Comment on attachment 638496 [details] [diff] [review]
Part 2: Tests

r=me
Attachment #638496 - Flags: review?(bzbarsky) → review+
Depends on: 772076
https://hg.mozilla.org/mozilla-central/rev/4a5066917277
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.