[Project_owners] Re: Getting the right (secure) value from context menu code

Neil neil at parkwaycc.co.uk
Mon May 9 16:59:32 EDT 2005


Michael Vincent van Rantwijk wrote:

> Neil wrote:
>
>> Michael Vincent van Rantwijk wrote:
>>
>>> How do I make the following line secure:
>>>
>>> var url = gContextMenu.target.ownerDocument.location.href;
>>>
>>> I hope that this is right:
>>>
>>> var ownerDocument = new XPCNativeWrapper(gContextMenu.target, 
>>> "ownerDocument").ownerDocument;
>>> var location = new XPCNativeWrapper(ownerDocument, 
>>> "location").location;
>>> var url = location.href;
>>>
>>> but what about 'target'?
>>
>> gContextMenu is a chrome object, so there are no issues there.
>
> Oh, well, I got a bit confused by this code I guess:
> http://lxr.mozilla.org/seamonkey/source/xpfe/communicator/resources/content/nsContextMenu.js#648

Well, you'll notice that it doesn't bother to wrap "this.target" ...


More information about the Project_owners mailing list