Closed
Bug 82027
Opened 23 years ago
Closed 23 years ago
Accessing window.history as an array fails
Categories
(Core :: DOM: Core & HTML, defect)
Tracking
()
VERIFIED
FIXED
mozilla0.9.4
People
(Reporter: security-bugs, Assigned: jst)
References
()
Details
(Keywords: regression, Whiteboard: [HAVE FIX])
Attachments
(3 files)
1.39 KB,
patch
|
Details | Diff | Splinter Review | |
1.39 KB,
patch
|
Details | Diff | Splinter Review | |
1.61 KB,
patch
|
Details | Diff | Splinter Review |
Attempting to access window.history[1], for example, fails in nsStringArraySH::GetProperty. A script should be able (with the right permissions) to access history as an array. As a script needs permissions to do this anyway, it's probably not a high priority to fix.
Assignee | ||
Comment 1•23 years ago
|
||
Assignee | ||
Comment 2•23 years ago
|
||
Assignee | ||
Comment 3•23 years ago
|
||
Of all the typo's one can make... Nominating for mozilla0.9.1
Status: NEW → ASSIGNED
Whiteboard: [HAVE FIX]
Target Milestone: --- → mozilla0.9.1
Comment 4•23 years ago
|
||
why cannot we retarget it to 0.9.2? It doesn't appear to cause crash, topcrash nor it's a major loss of functionality. If you agree, please move to 0.9.2
Assignee | ||
Comment 5•23 years ago
|
||
Moving to mozilla0.9.2
Whiteboard: [HAVE FIX] → [HAVE PARTIAL FIX]
Target Milestone: mozilla0.9.1 → mozilla0.9.2
Assignee | ||
Comment 6•23 years ago
|
||
Moving to mozilla0.9.3
Target Milestone: mozilla0.9.2 → mozilla0.9.3
Updated•23 years ago
|
Target Milestone: mozilla0.9.3 → mozilla0.9.4
Assignee | ||
Comment 7•23 years ago
|
||
Assignee | ||
Comment 8•23 years ago
|
||
Mitch, please have a look at the security manager call in the attached patch, I'm trying to make accessing history[x] equivalent to calling the method history.item(x), did I get that call right?
Assignee | ||
Updated•23 years ago
|
Whiteboard: [HAVE PARTIAL FIX] → [HAVE FIX]
Reporter | ||
Comment 9•23 years ago
|
||
Perfect. We already have a policy in all.js for History.item, so this should work fine.
Assignee | ||
Comment 10•23 years ago
|
||
jband, sr=?
Comment 11•23 years ago
|
||
sr=jband I see you are also going to fix that ugly typo in GetStringAt (that cls so nicely modernized with a NS_PTR_TO_INT32 macro :)
Assignee | ||
Comment 12•23 years ago
|
||
Yeah, that one cracked me up too :-)
a=dbaron on behalf of drivers
Assignee | ||
Comment 14•23 years ago
|
||
Fix checked in.
Status: ASSIGNED → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Comment 15•23 years ago
|
||
Mitch, can you verify this one please ????? or just let me know the testcase.
Comment 16•23 years ago
|
||
Verified. I minimised mstoltz testcase & I used this testcode to verify this bug. Following is the code. <html> <head> <title>History Test</title> </head> <body > <h1>History Test</h1> <script> function f() { netscape.security.PrivilegeManager.enablePrivilege('UniversalBrowserRead'); alert(self.history[0].href); } </script> <br><br> 1] Click following button.<br> 2] Grant Universal read priviledge when asked. <br><br> EXPECTED RESULT: You should see alert showing first URL of history array. <br><br> ACTUAL RESULTS: see Javascript console. Permission is denied.<br><br> <form> <input type="button" value="Accessing window.history" onclick="f();"> </form> </body> </html>
Status: RESOLVED → VERIFIED
You need to log in
before you can comment on or make changes to this bug.
Description
•