cordova-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gord Tanner <gtan...@gmail.com>
Subject Re: Security Error in FirefoxOS on reading window.navigator properties
Date Mon, 24 Jun 2013 19:59:58 GMT
This might be a bad example since most platforms support native geolocation
now but I know we would run into problems with:

     navigator.geolocation = require('cordova/plugin/geolocation')

When geolocation already existed on navigator it would throw a security
exception (or just be a noop).  It is the cost of doing our shit on the
navigator object, every platform treats this as a "secure" object
(rightfully so) and does things a little differently.  The lowest common
denominator was to just dump our own mock object in ASAP to prevent a lot
of that security stuff from getting in our way.

Does this still need to happen? (I don't know)
What platforms were having problems? (I can't really remember)
Should we look into if we still need to do this? (of course)

the bootstrap.js is ment to contain code for bootstrapping all of cordova
on every platform.  I am thinking we may need to rethink the navigator
clobbering and make this a platform overridable bootstrap step.



On Mon, Jun 24, 2013 at 3:50 PM, Brian LeRoux <b@brian.io> wrote:

> But wait, and I'm serious here, why even duck punch navigator to begin
> with?
>
> I understand we add properties to it. Is that why it needs to be opened?
>
> On Mon, Jun 24, 2013 at 11:50 AM, Ian Clelland <iclelland@google.com>
> wrote:
> > Can the SecurityError be caught in an try{} block? If so, then we could
> > implement a general solution of "try to clobber the entire object; if
> that
> > doesn't work, try to clobber each of its properties instead."
> >
> > In the second case, a debug log line for each property that cannot be
> > copied would give us a list of any platform-dependent quirks that we need
> > to document.
> >
> >
> > On Mon, Jun 24, 2013 at 2:42 PM, Gord Tanner <gtanner@gmail.com> wrote:
> >
> >> This is from the bootstrap file for all platforms [1].
> >>
> >> This is to cover us for security issues we were having on other
> platforms
> >> where we are not able to replace existing navigator object methods
> >> (geolocation, etc) or add new ones.  We create this object and proxy to
> the
> >> original navigator object to have something that is a bit more flexible
> for
> >> us to work with and modify.
> >>
> >> Does firefox yell at us if we replace the navigator object without
> >> iterating over the old one? We could then just hardcode the list of
> >> functions to proxy over to the original for that platform.
> >>
> >> [1] -
> >>
> >>
> https://git-wip-us.apache.org/repos/asf?p=cordova-js.git;a=blob_plain;f=lib/scripts/bootstrap.js;hb=HEAD
> >>
> >>
> >> On Mon, Jun 24, 2013 at 2:34 PM, Brian LeRoux <b@brian.io> wrote:
> >>
> >> > I'm at a loss why that code even needs to exist.
> >> >
> >> > Anyone? Herm / Gord?
> >> >
> >> > On Thu, Jun 20, 2013 at 5:06 AM, Piotr Zalewa <pzalewa@mozilla.com>
> >> wrote:
> >> > > I came to a point where I need to use the group wisdom.
> >> > >
> >> > > In
> >> >
> >>
> https://github.com/apache/cordova-firefoxos/blob/master/lib/cordova.firefoxos.js#L5929Cordovaistrying
to replace window.navigator with something which looks
> >> > like a copy of itself. window.navigator is protected in FirefoxOS -
> even
> >> > browsing through its properties is not allowed.
> >> > >
> >> > > alert('pre'); for (var key in window.navigator)
> >> {window.navigator[key]};
> >> > alert('post');
> >> > >
> >> > > Above code will work in browser, but not on the device or
> Simulator. It
> >> > will throw "SecurityError: The operation is insecure." and 'post' will
> >> not
> >> > get alerted. Example in JSFiddle -
> >> > http://jsfiddle.net/zalun/VkCyH/embedded/result/ (just install in
> >> > Simulator)
> >> > >
> >> > > I'm looking for a solution for that issue.
> >> > >
> >> > > Is the step with replacing window.navigator needed? The comment in
> the
> >> > code says
> >> > > // We replace it so that properties that can't be clobbered can
> instead
> >> > be overridden.
> >> > >
> >> > >
> >> > > Piotr
> >> >
> >>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message