Closed Bug 92061 Opened 24 years ago Closed 24 years ago

can't do window.open("javascript:'some literal'");

Categories

(Core :: Security: CAPS, defect, P2)

Tracking

VERIFIED FIXED
mozilla0.9.4

People

(Reporter: jrgmorrison, Assigned: security-bugs)

References

Details

(Whiteboard: patch, need approval)

Attachments

(1 file)

This is more common than you think.

<html>
<head>
<script>
function newWindow () {
  window.open("javascript:'<a href=http://www.mozilla.org/>mozilla</a>'");
}
</script>
</head>
<body>
<form>
<input type="button" onclick="newWindow();" value="Open a URL with JS literal">
</form>
</body>
</html>

Gives this warning:

Attempt to load a javascript: URL from one host in a window displaying content from another host was blocked by the security manager.

which doesn't make much sense (there aren't two "hosts" in this equation). Affects branch build and trunk, I assume because there was a real world example where this could steal your email address or something important.
Ah, looks like a regression caused by my recent security fix. There are two hosts in the equation - the caller and the 'about:blank' of the newly created window.
Status: NEW → ASSIGNED
Target Milestone: --- → mozilla0.9.4
Target is now 0.9.4, Priority P2.
Priority: -- → P2
Blocks: 91477
Whiteboard: patch
*** Bug 91477 has been marked as a duplicate of this bug. ***
about:blank is case sensitive, right? r=rginda
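Added example, not part of the bug thread and not Mozilla's patch (which is not shown on this page): a simplified JavaScript model of why a strict host comparison blocks the reporter's test case (the caller versus the new window's about:blank), next to a check that treats an exact, case-sensitive about:blank as belonging to the page that opened it. The window records, function names and example hosts are constructed assumptions.

```javascript
// Simplified model only. All names below are hypothetical.
// A "window" is modelled as { url, creatorOrigin }.

function originOf(url) {
  const u = new URL(url);
  // Opaque schemes (about:, data:, javascript:) have no host-based origin.
  return u.origin === "null" ? null : u.origin;
}

// Behaviour described in the thread: the target window's own URL is
// compared, so a freshly opened about:blank never matches the caller.
function strictCheck(callerUrl, target) {
  const caller = originOf(callerUrl);
  return caller !== null && caller === originOf(target.url);
}

// Assumed corrected check: an exact "about:blank" target is treated as
// belonging to the page that created it; everything else is compared as before.
function blankAwareCheck(callerUrl, target) {
  const caller = originOf(callerUrl);
  if (caller === null) return false;
  const effective = target.url === "about:blank" // exact, case-sensitive match
    ? target.creatorOrigin
    : originOf(target.url);
  return caller === effective;
}

// Constructed sample data.
const PAGE = "http://www.example.org/test.html";
const freshPopup = { url: "about:blank", creatorOrigin: "http://www.example.org" };
const otherSite = { url: "http://mail.example.com/inbox", creatorOrigin: null };
const oddCase = { url: "about:BLANK", creatorOrigin: "http://www.example.org" };

function demo() {
  return {
    regression: strictCheck(PAGE, freshPopup),       // the reported block
    ownPopup: blankAwareCheck(PAGE, freshPopup),     // opener's own blank window
    crossHost: blankAwareCheck(PAGE, otherSite),     // still blocked
    foreignPopup: blankAwareCheck("http://other.example/", freshPopup),
    oddCase: blankAwareCheck(PAGE, oddCase),         // not an exact match: fails closed
  };
}

console.log(demo());
```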
Verbal sr=jst. Needs a=.
Whiteboard: patch → patch, need approval
a=asa on behalf of drivers
Fixed.
Status: ASSIGNED → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
See attachment #48084 [details], the third one under bug #97841. In build #2001083110 it was blocked by the security manager, due to bug #92061. Because you fixed bug #92061, I expected the attachment to work in build #2001090508. Instead it throws this exception: "Permission denied to set property Window.scriptglobals".
No need to respond to the above comment here. I filed it as a separate bug: bug #99454.
Verified on 2001-09-19-03 build on WinNT. The above test runs fine without any error in the JS console.
Status: RESOLVED → VERIFIED
QA Contact: ckritzer → bsharma