Closed Bug 93127 Opened 24 years ago Closed 24 years ago

capability.policy doesn't work through javascript src=

Categories

(Core :: Security: CAPS, defect)

Product:
Core
Component:
Security: CAPS
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
VERIFIED INVALID

People

(Reporter: jmd, Assigned: security-bugs)

References

(
URL
)

Details

At the URL, there is the code: <script language=javascript src="http://www.vibrantmedia.com/ads/popads.asp?popid=2"></script> that URL contains 1 line: document.write('<script language=javascript src="http://www.vibrantmedia.com/ads/theregister.js"></script>'); /THAT/ URL contains a bunch of crap, which boils down to: window.open("http://www.vibrantmedia.com/ads/popunder.asp?popid=2&Z3NwYWNlaHRtbC5kYXQ="+randnum, VMAD, width=blahblah) Which I can't seem to retrive manually, some thing with +randnum. It eventually loads a page off the server ads.x10.com So I put in my prefs.js: user_pref("capability.policy.popupsites.sites", "http://www.vibrantmedia.com http://ads.x10.com http://www.theregister.co.uk");user_pref("capability.policy.popupsites.window.open", "noAccess"); I don't know which of those three sites need to be in there (hopefully the original page the user is viewing), so I put in all three. Still get the popup.
Hrm. window != Window as long as case-sensitivity is desired, INVALID. Otherwise, make this the tolower() prefs bug.
.
Assignee: asa → mstoltz
Component: Browser-General → Security: CAPS
QA Contact: doronr → ckritzer
I don't know if case-sensitivity is desired, but if you think so, please file a separate bug.
Status: NEW → RESOLVED
Closed: 24 years ago
Resolution: --- → INVALID
Marking verified as per above developer comments.
Status: RESOLVED → VERIFIED
QA Contact: ckritzer → bsharma
You need to log in before you can comment on or make changes to this bug.