Last Comment Bug 784770 - Using view-source protocol in add-on leads to error "Exposing chrome JS objects to content without __exposedProps__ is insecure and deprecated"
: Using view-source protocol in add-on leads to error "Exposing chrome JS objec...
Status: RESOLVED DUPLICATE of bug 774633
:
Product: Core
Classification: Components
Component: XPConnect (show other bugs)
: 15 Branch
: x86 Linux
: -- normal (vote)
: ---
Assigned To: Nobody; OK to take it and work on it
:
Mentors:
Depends on: 774633
Blocks: 553102
  Show dependency treegraph
 
Reported: 2012-08-22 12:57 PDT by Georg Koppen
Modified: 2013-06-28 21:50 PDT (History)
6 users (show)
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Attachments
viewsource.xpi (7.87 KB, application/octet-stream)
2012-08-22 12:57 PDT, Georg Koppen
no flags Details

Description Georg Koppen 2012-08-22 12:57:44 PDT
Created attachment 654338 [details]
viewsource.xpi

User Agent: Mozilla/5.0 (X11; Linux i686; rv:17.0) Gecko/17.0 Firefox/17.0
Build ID: 20120822030558

Steps to reproduce:

I installed the attached minimal test xpi which tries to load a view-source URL in a new window


Actual results:

In FF beta and aurora I get:

Error: Exposing chrome JS objects to content without __exposedProps__ is insecure and deprecated. See https://developer.mozilla.org/en/XPConnect_wrappers for more information.
Source File: view-source:http://getfoxyproxy.org/downloads.html
Line: 0

And in a nightly I get:

Error: [Exception... "'JavaScript component does not have a method named:
"handleEvent"' when calling method: [nsIDOMEventListener::handleEvent]"
nsresult: "0x80570030 (NS_ERROR_XPC_JSOBJECT_HAS_NO_FUNCTION_NAMED)"  location:
"<unknown>"  data: no]




Expected results:

There should be no error messages.
Comment 1 Georg Koppen 2012-08-22 12:59:39 PDT
The issue occurs as well if one tries to load a local files (e.g. PAC files).
Comment 2 Boris Zbarsky [:bz] 2012-08-22 14:03:32 PDT
Bobby?
Comment 3 Jorge Villalobos [:jorgev] 2012-08-22 14:07:28 PDT
Easier STR:

1) Open Scratchpad in Firefox 16.
2) Set the Environment to Browser (you need to set the devtools.chrome.enabled preference to true).
3) Run this code:
open("view-source:" + "http://getfoxyproxy.org/downloads.html", "", "scrollbars,resizable,chrome,dialog=no,width=450,height=425");

This should show the error, though the source viewer displays with no apparent problems.

Running the same code in the Content environment, or removing the 'chrome' feature in the open call removes the error.
Comment 4 Bobby Holley (PTO through June 13) 2012-08-22 14:28:22 PDT
Yeah I'm looking at this. Gimme a few more.
Comment 5 Bobby Holley (PTO through June 13) 2012-08-22 15:04:22 PDT
This is bug 774633 :-(

The patches in that bug fix this bug. Now they if only we could get them reviewed. ;-)
Comment 6 :Cykesiopka 2013-05-05 15:32:59 PDT
Bug 774633 is fixed now, and the STR in Comment 3 doesn't trigger an error using:
  Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20130505 Firefox/23.0

So I guess this bug can be resolved?
Comment 7 Bobby Holley (PTO through June 13) 2013-06-28 21:50:51 PDT
sounds good to me.

*** This bug has been marked as a duplicate of bug 774633 ***

Note You need to log in before you can comment on or make changes to this bug.