Closed
Bug 92061
Opened 23 years ago
Closed 23 years ago
can't do window.open("javascript:'some literal'");
Categories
(Core :: Security: CAPS, defect, P2)
Core
Security: CAPS
Tracking
()
VERIFIED
FIXED
mozilla0.9.4
People
(Reporter: jrgmorrison, Assigned: security-bugs)
References
Details
(Whiteboard: patch, need approval)
Attachments
(1 file)
3.88 KB,
patch
|
Details | Diff | Splinter Review |
This is more common than you think. <html> <head> <script> function newWindow () { window.open("javascript:'<a href=http://www.mozilla.org/>mozilla</a>'"); } </script> </head> <body> <form> <input type="button" onclick="newWindow();" value="Open a URL with JS literal"> </form> </body> </html> Gives this warning: Attempt to load a javascript: URL from one host in a window displaying content from another host was blocked by the security manager. which doesn't make much sense (there aren't two "hosts" in this equation). Affects branch build and trunk, I assume because there was a real world example where this could steal your email address or something important.
Assignee | ||
Comment 1•23 years ago
|
||
Ah, looks like a regression caused by my recent security fix. There are two hosts in the equation - the caller and the 'about:blank' of the newly created window.
Status: NEW → ASSIGNED
Target Milestone: --- → mozilla0.9.4
Assignee | ||
Comment 3•23 years ago
|
||
Assignee | ||
Updated•23 years ago
|
Whiteboard: patch
Comment 5•23 years ago
|
||
about:blank is case sensitive, right? r=rginda
Comment 7•23 years ago
|
||
a=asa on behalf of drivers
Assignee | ||
Comment 8•23 years ago
|
||
Fixed.
Status: ASSIGNED → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Comment 9•23 years ago
|
||
See attachment #48084 [details], the third one under bug #97841. In build #2001083110 it was blocked by the security manager, due to bug #92061. Because you fixed bug #92061, I expected the attachment to work in build #2001090508. Instead it throws this exception: "Permission denied to set property Window.scriptglobals".
Comment 10•23 years ago
|
||
No need to respond to the above comment here. I filed it as a separate bug: bug #99454.
Comment 11•23 years ago
|
||
Verified on 2001-09-19-03 build on WinNT. The above test runs fine without any error in the JS console.
Status: RESOLVED → VERIFIED
QA Contact: ckritzer → bsharma
You need to log in
before you can comment on or make changes to this bug.
Description
•