[Project_owners] Re: Flashblock eventListeners and Deer Park Alpha 1

Philip Chee philip at aleytys.pc.my
Fri Jun 17 22:52:56 EDT 2005


On Fri, 17 Jun 2005 12:07:09 +0100, Neil wrote:
> Philip Chee wrote:
>>On Thu, 16 Jun 2005 16:57:32 -0600, Pete Collins wrote:

>>>if (!Components.interfaces.nsIPrefBranch2)
>>>  dump("it's not there ...");

>>According to google I can also use instanceof:

>>var prefs = Components.classes["@mozilla.org/preferences-service;1"]
>>            .getService(Components.interfaces.nsIPrefBranch);
>>if (prefs instanceof Components.interfaces.nsIPrefBranch2) {

> Actually both these versions will log strict JavaScript warnings, if you 
> have them enabled.

OK, I'll bite. Why would these trigger strict warnings?

>>Specifically either the dispatchEvent doesn't get dispatched at all
>>AND/OR the event listener doesn't receive the event.

>>Is this a bug in 1.1a1? If so I can raise a bugzilla.mozilla.org bug but
>>I don't want to be embarrased to discover that this is a "feature" and not
>>a "bug" in 1.1.

> Yes, it's a feature. The bug is marked security sensitive, but if you 

I kind of guessed so, however google finds a ton of websites posting the
proof of concept exploit when I googled for "firefox addeventlistener" I
don't understand why this is still security sensitive?

> read the new nsIDOMNSEventTarget interface you'll see that the idea is 
> to stop web pages from dispatching bogus events to confuse extensions. 
> Fortunately this interface appears to be backward-compatible, in that 
> window.addEventListener("flashblockCheckLoad", checkLoadFlash, true, 
> true); should continue to work in older builds.

You rock Neil! You already have a special credit line in our install.rdf
because you were the one who suggested the original code.

Phil

-- 
Philip Chee <philip at aleytys.pc.my>
Guard us from the she-wolf and the wolf, and guard us from the thief,
oh Night, and so be good for us to pass.
[ ]Ever stop to think, and forget to start again?
* TagZilla 0.058


More information about the Project_owners mailing list