As a security precaution, we have turned on the setting "Require API key authentication for API requests" for everyone. If this has broken something, please contact
Last Comment Bug 784770 - Using view-source protocol in add-on leads to error "Exposing chrome JS objects to content without __exposedProps__ is insecure and deprecated"
: Using view-source protocol in add-on leads to error "Exposing chrome JS objec...
Status: RESOLVED DUPLICATE of bug 774633
Product: Core
Classification: Components
Component: XPConnect (show other bugs)
: 15 Branch
: x86 Linux
: -- normal (vote)
: ---
Assigned To: Nobody; OK to take it and work on it
: Andrew Overholt [:overholt]
Depends on: 774633
Blocks: 553102
  Show dependency treegraph
Reported: 2012-08-22 12:57 PDT by Georg Koppen
Modified: 2013-06-28 21:50 PDT (History)
6 users (show)
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---

viewsource.xpi (7.87 KB, application/octet-stream)
2012-08-22 12:57 PDT, Georg Koppen
no flags Details

Description User image Georg Koppen 2012-08-22 12:57:44 PDT
Created attachment 654338 [details]

User Agent: Mozilla/5.0 (X11; Linux i686; rv:17.0) Gecko/17.0 Firefox/17.0
Build ID: 20120822030558

Steps to reproduce:

I installed the attached minimal test xpi which tries to load a view-source URL in a new window

Actual results:

In FF beta and aurora I get:

Error: Exposing chrome JS objects to content without __exposedProps__ is insecure and deprecated. See for more information.
Source File: view-source:
Line: 0

And in a nightly I get:

Error: [Exception... "'JavaScript component does not have a method named:
"handleEvent"' when calling method: [nsIDOMEventListener::handleEvent]"
nsresult: "0x80570030 (NS_ERROR_XPC_JSOBJECT_HAS_NO_FUNCTION_NAMED)"  location:
"<unknown>"  data: no]

Expected results:

There should be no error messages.
Comment 1 User image Georg Koppen 2012-08-22 12:59:39 PDT
The issue occurs as well if one tries to load a local files (e.g. PAC files).
Comment 2 User image Boris Zbarsky [:bz] (still a bit busy) 2012-08-22 14:03:32 PDT
Comment 3 User image Jorge Villalobos [:jorgev] 2012-08-22 14:07:28 PDT
Easier STR:

1) Open Scratchpad in Firefox 16.
2) Set the Environment to Browser (you need to set the preference to true).
3) Run this code:
open("view-source:" + "", "", "scrollbars,resizable,chrome,dialog=no,width=450,height=425");

This should show the error, though the source viewer displays with no apparent problems.

Running the same code in the Content environment, or removing the 'chrome' feature in the open call removes the error.
Comment 4 User image Bobby Holley (:bholley) (busy with Stylo) 2012-08-22 14:28:22 PDT
Yeah I'm looking at this. Gimme a few more.
Comment 5 User image Bobby Holley (:bholley) (busy with Stylo) 2012-08-22 15:04:22 PDT
This is bug 774633 :-(

The patches in that bug fix this bug. Now they if only we could get them reviewed. ;-)
Comment 6 User image :Cykesiopka 2013-05-05 15:32:59 PDT
Bug 774633 is fixed now, and the STR in Comment 3 doesn't trigger an error using:
  Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20130505 Firefox/23.0

So I guess this bug can be resolved?
Comment 7 User image Bobby Holley (:bholley) (busy with Stylo) 2013-06-28 21:50:51 PDT
sounds good to me.

*** This bug has been marked as a duplicate of bug 774633 ***

Note You need to log in before you can comment on or make changes to this bug.