#2296: Permission denied error when clicking on files in file browser under
domain
relaxation
------------------------+---------------------------------------------------
Reporter: martinkou | Owner: martinkou
Type: Bug | Status: new
Priority: Normal | Milestone: FCKeditor 2.6.2
Component: General | Version: SVN
Resolution: | Keywords: Confirmed Firefox Review-
------------------------+---------------------------------------------------
Comment (by martinkou):
I don't think the domain relaxation stuff is unneeded for Firefox... We're
having issue in Firefox 2 and 3 here because the file browser dialog is
currently having a different document.domain than the main FCKeditor
window.
Let's say I fired up sample01.html from www.fckeditor.local but
document.domain is set to fckeditor.local inside sample01.html. Everything
inside the window should have document.domain == 'fckeditor.local' or else
they cannot interact with each other. If I open the file browser dialog
from inside the image dialog, and print out the document.domain value with
Firebug, the value would be www.fckeditor.local, which makes it impossible
for the file browser to communicate with the main window in any way (thus
SetUrl fails).
Applying the #2296 patch alone would cause a regression in #2117 in
Firefox 2 because of Firefox 2's XMLHttpRequest bug, described in
[http://alexander.kirk.at/2006/07/27/firefox-15-xmlhttprequest-
reqresponsexml-and-documentdomain/ here]. Basically, what this means is,
whenever we've set document.domain in Firefox 2, XMLHttpRequest will stop
working the "normal way" in the sense that its responseXML attribute will
always be inaccessible. The only way to fix this is to parse the
responseText to an XML DOM ourselves. We've got the very same fix as #2117
in editor/_source/classes/fckxml_gecko.js for domain relaxation, so #2117
is just fixing a known bug. That is why I said #2117's patch has to be
applied in conjunction with this ticket's patch to get a working dialog.
I don't really see any other way this issue can be fixed in JavaScript as
domain checking is a very fundamental security feature in Firefox.
--
Ticket URL: <https://dev.fckeditor.net/ticket/2296#comment:3>
FCKeditor <http://www.fckeditor.net>
The text editor for Internet
-------------------------------------------------------------------------
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services for
just about anything Open Source.
http://sourceforge.net/services/buy/index.php
_______________________________________________
FCKeditor-Trac mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fckeditor-trac
