cordova-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian LeRoux...@brian.io>
Subject Re: Security Error in FirefoxOS on reading window.navigator properties
Date Mon, 24 Jun 2013 18:34:24 GMT
I'm at a loss why that code even needs to exist.

Anyone? Herm / Gord?

On Thu, Jun 20, 2013 at 5:06 AM, Piotr Zalewa <pzalewa@mozilla.com> wrote:
> I came to a point where I need to use the group wisdom.
>
> In https://github.com/apache/cordova-firefoxos/blob/master/lib/cordova.firefoxos.js#L5929
Cordova is trying to replace window.navigator with something which looks like a copy of itself.
window.navigator is protected in FirefoxOS - even browsing through its properties is not allowed.
>
> alert('pre'); for (var key in window.navigator) {window.navigator[key]}; alert('post');
>
> Above code will work in browser, but not on the device or Simulator. It will throw "SecurityError:
The operation is insecure." and 'post' will not get alerted. Example in JSFiddle - http://jsfiddle.net/zalun/VkCyH/embedded/result/
(just install in Simulator)
>
> I'm looking for a solution for that issue.
>
> Is the step with replacing window.navigator needed? The comment in the code says
> // We replace it so that properties that can't be clobbered can instead be overridden.
>
>
> Piotr

Mime
View raw message