Closed Bug 92061 Opened 23 years ago Closed 23 years ago

can't do window.open("javascript:'some literal'");

Categories

(Core :: Security: CAPS, defect, P2)

Product:
Core
Component:
Security: CAPS
Type:
defect

Tracking

()

Status:
VERIFIED FIXED
Milestone:
mozilla0.9.4

People

(Reporter: jrgmorrison, Assigned: security-bugs)

References

Details

(Whiteboard: patch, need approval)

Attachments

(1 file)

Patch - allow targeted JS URL if target is about:blank
3.88 KB, patch
Details | Diff | Splinter Review 
This is more common than you think.

<html>
<head>
<script>
  function newWindow () {
    window.open("javascript:'<a href=http://www.mozilla.org/>mozilla</a>'");
  }
</script>
</head>
<body>
  <form>
    <input type="button" onclick="newWindow();" 
           value="Open a URL with JS literal">
  </form>
</body>
</html>


Gives this warning:

  Attempt to load a javascript: URL from one host in a window displaying 
  content from another host was blocked by the security manager.

which doesn't make much sense (there aren't two "hosts" in this equation).

Affects branch build and trunk, I assume because there was a real world example 
where this could steal your email address or something important.
Ah, looks like a regression caused by my recent security fix. There are two
hosts in the equation - the caller and the 'about:blank' of the newly created
window.
Status: NEW → ASSIGNED
Target Milestone: --- → mozilla0.9.4
Target is now 0.9.4, Priority P2.
Priority: -- → P2
Blocks: 91477
Whiteboard: patch
*** Bug 91477 has been marked as a duplicate of this bug. ***
about:blank is case sensitive, right?

r=rginda
Verbal sr=jst. Needs a=.
Whiteboard: patch → patch, need approval
a=asa on behalf of drivers
Fixed.
Status: ASSIGNED → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
See attachment #48084 [details], the third one under bug #97841.  In build
#2001083110 it was blocked by the security manager, due to bug
#92061.  Because you fixed bug #92061, I expected the attachment
to work in build #2001090508.  Instead it throws this exception:
"Permission denied to set property Window.scriptglobals".
No need to respond to the above comment here.

I filed it as a separate bug: bug #99454.
Verified on 2001-09-19-03 build on WinNT.

The above test runs fine without any error in the JS console.
Status: RESOLVED → VERIFIED
QA Contact: ckritzer → bsharma
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: