Closed Bug 99454 Opened 23 years ago Closed 19 years ago

Permission denied to set property Window.scriptglobals

Categories

(Core :: Security: CAPS, defect, P2)

Product:
Core
Component:
Security: CAPS
Type:
defect

Tracking

()

Status:
RESOLVED WORKSFORME
Milestone:
Future

People

(Reporter: munyer, Assigned: security-bugs)

Details

Attachments

(2 files)

test case for Window.scriptglobals "Permission denied" bug
592 bytes, text/html
Details
a better test case -- this one shows two alerts
683 bytes, text/html
Details 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Macintosh; U; PPC; en-US; rv:0.9.4+) Gecko/20010912
BuildID:    2001091208

If document.write tries to create a document with an onLoad
handler, and the document which is being replaced was part
of a "javascript:" URL, the script will throw this error:

Error: uncaught exception: Permission denied to set property Window.scriptglobals

Reproducible: Always
Steps to Reproduce:
1. View the attached HTML document.

Actual Results:  The new window is opened, but there is no alert.

Expected Results:  A new window is opened, and an alert says "hello."

This works correctly in NN 4 and in MSIE 4/5/6.
Ummmmm....when I view that testcase file I get a new window with 
javascript:'<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd"><TITLE></TITLE><META
HTTP-EQUIV="Content-Script-Type" CONTENT="text/javascript"><BODY
onLoad="opener.bar ()"><P>'
in the location bar. Nothing appears in the body. Is this right?
Yes, you're supposed to get that new window with no visible body.
Immediately after loading, this new window fires its onLoad
handler, which calls a function in the original window, which
tries to use document.write to put a new document into the new
window.  This document.write works OK in other browsers, but
throws an exception in Mozilla.  (It works OK in Mozilla if you
remove the onLoad handler; somehow the attempt to install this
handler is interpreted as a security violation).

I'll attach a better test case below.  This one shows two alerts
in NN 4 or MSIE 4/5/6; in Mozilla the two alerts never happen.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Confirmed. This is an odd sequence of events - do you really need to be able to
document.write an onLoad handler onto a javascript: page? Is this blocking the
development of your site? Or is this just a hypothetical situation you
happenened upon?
Status: NEW → ASSIGNED
Target Milestone: --- → mozilla1.0
I chose severity "normal" deliberately.  It's not a sole blocker,
but it's not just hypothetical either.  Severity "minor" requires
an easy work-around -- but the work-around for this one involves
server-side programming, so it doesn't really qualify as "easy."

onLoad inside document.write is very important because it's the
only good way to delay the use of calculated properties (such as
document.height) until the calculation is complete.

Providing initial content via "javascript:" URL is important
because it avoids HTTP requests and unnecessary server-side
processing.  document.write does not work well for initial
content, because of timing issues in some browsers (see
<http://groups.google.com/groups?threadm=z5Kf7.784%24uC2.370151%40typhoon1.gnilink.net>
and other recent threads in comp.lang.javascript).
Priority: -- → P2
Target Milestone: mozilla1.0 → mozilla0.9.6
Less important bugs retargeted to 0.9.9
Target Milestone: mozilla0.9.6 → mozilla0.9.9
Moving Netscape owned 0.9.9 and 1.0 bugs that don't have an nsbeta1, nsbeta1+,
topembed, topembed+, Mozilla0.9.9+ or Mozilla1.0+ keyword.  Please send any
questions or feedback about this to adt@netscape.com.  You can search for
"Moving bugs not scheduled for a project" to quickly delete this bugmail.
Target Milestone: mozilla0.9.9 → mozilla1.2
Target Milestone: mozilla1.2alpha → Future
This bug is targeted at a Mac classic platform/OS, which is no longer supported
by mozilla.org. Please re-target it to another platform/OS if this bug applies
there as well or resolve this bug.

I will resolve this bug as WONTFIX in four weeks if no action has been taken.
To filter this and similar messages out, please filter for "mac_cla_reorg".
OS: Mac System 9.x → All
Hardware: Macintosh → All
This is All/All and seems to work in WinXPSP2 for Firefox 1.0.4. Works For Me?
works for me. please reopen if you disagree.
Status: ASSIGNED → RESOLVED
Closed: 19 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: