Hi,

A few months ago, I posted this message:
http://groups.google.com/group/mozilla.dev.security/browse_thread/thread/d95d4d9d82959739/da0875e5639698c2?lnk=gst&q=signed+jar#da0875e5639698c2

I wanted to call JavaScript methods that require special Firefox 
privileges from a JSP page.

I finally succeeded using this method:
- I created a simple HTML file
- I wrote my JS functions in this HTML file. For example: "function 
verifExistenceFenetre(nomFenetre) { ... }"
- I included this HTML file in a signed jar
- In my JSP page that has to call these functions, I wrote:

<object type="text/html" data="jar:<%= request.getContextPath()%>/js/jsAvecPrivileges.jar!/jsUtilsAvecPrivileges.html" width="0px" height="0px" name="jsUtilsAvecPrivileges">
</object>

<script type='text/javascript'>
<!--
    var jsPriv;
    function initJsPriv() {
        jsPriv = document.getElementsByName("jsUtilsAvecPrivileges")[0].contentDocument.defaultView;
    }
-->
</script>

=> Then, I can call "jsPriv.verifExistenceFenetre(nomFenetre)" from the 
JSP page.


That worked nicely on Firefox 2.0.0.14 and previous versions. But in 2.0.0.15 and 
3.0.0.1, I get the following error:

Permission refusée d'obtenir la propriété HTMLDocument.defaultView
http://portable.armor-technologies.net:8080/gcm-web-patients/faces/index.jsp
Line 319 :
317 function initJsPriv() {
318
319 jsPriv = 
document.getElementsByName("jsUtilsAvecPrivileges")[0].contentDocument.defaultView;
320
321 }

I wonder if this could be due to the vulnerability fix in Firefox 
2.0.0.15: http://www.mozilla.org/security/announce/2008/mfsa2008-23.html
==> But now, how can I get it to work again?

Thanks for any help...
The problem happens on a production webapp, and we can't upgrade Firefox 
until this problem is solved, which is very annoying...

_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
