Using view-source protocol in add-on leads to error "Exposing chrome JS objects to content without __exposedProps__ is insecure and deprecated"

RESOLVED DUPLICATE of bug 774633

Status

()

Core
XPConnect
RESOLVED DUPLICATE of bug 774633
5 years ago
4 years ago

People

(Reporter: Georg Koppen, Unassigned)

Tracking

15 Branch
x86
Linux
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

7.87 KB, application/octet-stream
Details
(Reporter)

Description

5 years ago
Created attachment 654338 [details]
viewsource.xpi

User Agent: Mozilla/5.0 (X11; Linux i686; rv:17.0) Gecko/17.0 Firefox/17.0
Build ID: 20120822030558

Steps to reproduce:

I installed the attached minimal test xpi which tries to load a view-source URL in a new window


Actual results:

In FF beta and aurora I get:

Error: Exposing chrome JS objects to content without __exposedProps__ is insecure and deprecated. See https://developer.mozilla.org/en/XPConnect_wrappers for more information.
Source File: view-source:http://getfoxyproxy.org/downloads.html
Line: 0

And in a nightly I get:

Error: [Exception... "'JavaScript component does not have a method named:
"handleEvent"' when calling method: [nsIDOMEventListener::handleEvent]"
nsresult: "0x80570030 (NS_ERROR_XPC_JSOBJECT_HAS_NO_FUNCTION_NAMED)"  location:
"<unknown>"  data: no]




Expected results:

There should be no error messages.
(Reporter)

Comment 1

5 years ago
The issue occurs as well if one tries to load a local files (e.g. PAC files).
Blocks: 553102
Bobby?
Component: General → XPConnect
Easier STR:

1) Open Scratchpad in Firefox 16.
2) Set the Environment to Browser (you need to set the devtools.chrome.enabled preference to true).
3) Run this code:
open("view-source:" + "http://getfoxyproxy.org/downloads.html", "", "scrollbars,resizable,chrome,dialog=no,width=450,height=425");

This should show the error, though the source viewer displays with no apparent problems.

Running the same code in the Content environment, or removing the 'chrome' feature in the open call removes the error.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Yeah I'm looking at this. Gimme a few more.
This is bug 774633 :-(

The patches in that bug fix this bug. Now they if only we could get them reviewed. ;-)
Depends on: 774633

Comment 6

4 years ago
Bug 774633 is fixed now, and the STR in Comment 3 doesn't trigger an error using:
  Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20130505 Firefox/23.0

So I guess this bug can be resolved?

Updated

4 years ago
Flags: needinfo?
sounds good to me.
Status: NEW → RESOLVED
Last Resolved: 4 years ago
Flags: needinfo?
Resolution: --- → DUPLICATE
Duplicate of bug: 774633
You need to log in before you can comment on or make changes to this bug.