Closed
Bug 82027
Opened 23 years ago
Closed 23 years ago
Accessing window.history as an array fails
Categories
(Core :: DOM: Core & HTML, defect)
Tracking
()
VERIFIED
FIXED
mozilla0.9.4
People
(Reporter: security-bugs, Assigned: jst)
References
()
Details
(Keywords: regression, Whiteboard: [HAVE FIX])
Attachments
(3 files)
|
1.39 KB,
patch
|
Details | Diff | Splinter Review | |
|
1.39 KB,
patch
|
Details | Diff | Splinter Review | |
|
1.61 KB,
patch
|
Details | Diff | Splinter Review |
Attempting to access window.history[1], for example, fails in nsStringArraySH::GetProperty. A script should be able (with the right permissions) to access history as an array. As a script needs permissions to do this anyway, it's probably not a high priority to fix.
|
Assignee | |
Comment 1•23 years ago
|
||
|
|
Assignee | |
Comment 2•23 years ago
|
||
|
|
Assignee | |
Comment 3•23 years ago
|
||
Of all the typo's one can make... Nominating for mozilla0.9.1
Status: NEW → ASSIGNED
Whiteboard: [HAVE FIX]
Target Milestone: --- → mozilla0.9.1
|
||
Comment 4•23 years ago
|
||
why cannot we retarget it to 0.9.2? It doesn't appear to cause crash, topcrash nor it's a major loss of functionality. If you agree, please move to 0.9.2
|
|
Assignee | |
Comment 5•23 years ago
|
||
Moving to mozilla0.9.2
Whiteboard: [HAVE FIX] → [HAVE PARTIAL FIX]
Target Milestone: mozilla0.9.1 → mozilla0.9.2
|
|
Assignee | |
Comment 6•23 years ago
|
||
Moving to mozilla0.9.3
Target Milestone: mozilla0.9.2 → mozilla0.9.3
|
||
Updated•23 years ago
|
Target Milestone: mozilla0.9.3 → mozilla0.9.4
|
|
Assignee | |
Comment 7•23 years ago
|
||
|
|
Assignee | |
Comment 8•23 years ago
|
||
Mitch, please have a look at the security manager call in the attached patch, I'm trying to make accessing history[x] equivalent to calling the method history.item(x), did I get that call right?
|
|
Assignee | |
Updated•23 years ago
|
Whiteboard: [HAVE PARTIAL FIX] → [HAVE FIX]
|
Reporter | |
Comment 9•23 years ago
|
||
Perfect. We already have a policy in all.js for History.item, so this should work fine.
|
|
Assignee | |
Comment 10•23 years ago
|
||
jband, sr=?
|
||
Comment 11•23 years ago
|
||
sr=jband I see you are also going to fix that ugly typo in GetStringAt (that cls so nicely modernized with a NS_PTR_TO_INT32 macro :)
|
|
Assignee | |
Comment 12•23 years ago
|
||
Yeah, that one cracked me up too :-)
a=dbaron on behalf of drivers
|
|
Assignee | |
Comment 14•23 years ago
|
||
Fix checked in.
Status: ASSIGNED → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
|
||
Comment 15•23 years ago
|
||
Mitch, can you verify this one please ????? or just let me know the testcase.
|
|
||
Comment 16•23 years ago
|
||
Verified. I minimised mstoltz testcase & I used this testcode to verify this
bug. Following is the code.
<html>
<head>
<title>History Test</title>
</head>
<body >
<h1>History Test</h1>
<script>
function f() {
netscape.security.PrivilegeManager.enablePrivilege('UniversalBrowserRead');
alert(self.history[0].href);
}
</script>
<br><br>
1] Click following button.<br>
2] Grant Universal read priviledge when asked.
<br><br>
EXPECTED RESULT: You should see alert showing first URL of history array.
<br><br>
ACTUAL RESULTS: see Javascript console. Permission is denied.<br><br>
<form>
<input type="button" value="Accessing window.history" onclick="f();">
</form>
</body>
</html>Status: RESOLVED → VERIFIED
You need to log in
before you can comment on or make changes to this bug.
Description
•