Closed Bug 91215 Opened 23 years ago Closed 23 years ago

Need a way to allow/deny access to Class[any number]

Categories

(Core :: Security: CAPS, enhancement, P2)

Product:
Core
Component:
Security: CAPS
Platform:
x86
Windows NT
Type:
enhancement

Tracking

()

Status:
VERIFIED FIXED
Milestone:
mozilla0.9.7

People

(Reporter: jruderman, Assigned: security-bugs)

References

Details

There should be a way to allow or disallow using an object as an array, using configurable security policies. Right now I can't even figure out how to allow it using a line for each array index: setting "Window.0" to allAccess doesn't allow access to window[0] or window["0"]. Ideally, it would be possible to allow access to the entire array using one line, but I'm not sure what the line should be. One example of how this would be useful: In bug 45099, jim@inkra.com wants to set his prefs to allow a web page to access the "top.frames" array, but in bug 59523, Mitch said he couldn't figure out how to allow access to window.frames[number] without also allowing access to all script globals. (Note that window == window.frames.)
Status: NEW → ASSIGNED
Target Milestone: --- → mozilla1.0
Target is now 0.9.4, Priority P2.
Priority: -- → P2
Target Milestone: mozilla1.0 → mozilla0.9.4
Blocks: 92847
Blocks: 52920
Moving to 0.9.5.
Target Milestone: mozilla0.9.4 → mozilla0.9.5
time marches on. Retargeting to 0.9.6.
Target Milestone: mozilla0.9.5 → mozilla0.9.6
Moving the most time-critical bugs and minor security fixes to 0.9.7
Target Milestone: mozilla0.9.6 → mozilla0.9.7
Bug 52920 fixes this for the window object - access to numbered properties or proerties that are themselves window objects are now not checked. I don't think there's a need to implement a general fix for XPConnected objects, so I'm marking this fixed.
Status: ASSIGNED → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Marking verified as per above developer comments.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.