793047 - URL and SSL spoofing with onunload/onblur handlers that open/close tabs

Status: RESOLVED DUPLICATE of bug 700080

(Firefox :: Tabbed Browser, defect)

Description

[:Gavin Sharp [email: gavin@gavinsharp.com]]

Reported by Jordi Chancel in bug 700080 comment 63 (bug 700080 is a previous version of this problem).

Test case in attachment 661832 [details].

Comment 1

[:Gavin Sharp [email: gavin@gavinsharp.com]]

I can't reproduce in Aurora or Nightly, because the testcase has a syntax error:

Error: SyntaxError: syntax error
Source File: https://bug700080.bugzilla.mozilla.org/attachment.cgi?id=661832&t=yAgDc2pm83
Line: 5, Column: 54
Source Code:
var dataUrl1 = "data:text/html," + encodeURIComponent(<><![CDATA[ 

I assume this is because we disabled e4x, and should be easy enough to fix.

I can reproduce the bug in beta, but bug 391834/bug 700080 aren't fixed there.

Comment 2

[:Gavin Sharp [email: gavin@gavinsharp.com]]

Attachment: testcase that doesn't depend on e4x

With this tweaked version of the testcase that doesn't rely on E4X, I can reproduce on beta, but not on Aurora or Nightly. I think that means that this is just a duplicate of bug 700080.

Comment 3

[:Gavin Sharp [email: gavin@gavinsharp.com]]

Jordi, can you confirm that this issue is FIXED in Aurora and Beta builds?

Comment 4

[:Gavin Sharp [email: gavin@gavinsharp.com]]

(In reply to :Gavin Sharp (use gavin@gavinsharp.com for email) from comment #3)
> Jordi, can you confirm that this issue is FIXED in Aurora and Beta builds?

Sorry, I meant just Aurora builds. It is known that this isn't fixed on Beta.