[Project_owners] Re: Getting the right (secure) value from context menu code

Michael Vincent van Rantwijk some at universum.org
Wed May 11 15:02:58 EDT 2005


Neil wrote:
> Michael Vincent van Rantwijk wrote:
> 
>> Neil wrote:
>>
>>> Michael Vincent van Rantwijk wrote:
>>>
>>>> Neil wrote:
>>>>
>>>>> Michael Vincent van Rantwijk wrote:
>>>>>
>>>>>> How do I make the following line secure:
>>>>>>
>>>>>> var url = gContextMenu.target.ownerDocument.location.href;
>>>>>>
>>>>>> I hope that this is right:
>>>>>>
>>>>>> var ownerDocument = new XPCNativeWrapper(gContextMenu.target, 
>>>>>> "ownerDocument").ownerDocument;
>>>>>> var location = new XPCNativeWrapper(ownerDocument, 
>>>>>> "location").location;
>>>>>> var url = location.href;
>>>>>>
>>>>>> but what about 'target'?
>>>>>
>>>>>
>>>>> gContextMenu is a chrome object, so there are no issues there.
>>>>
>>>>
>>>> Oh, well, I got a bit confused by this code I guess:
>>>> http://lxr.mozilla.org/seamonkey/source/xpfe/communicator/resources/content/nsContextMenu.js#648 
>>>>
>>>
>>>
>>> Well, you'll notice that it doesn't bother to wrap "this.target" ...
>>
>>
>> As in it isn't needed there, because 'this' is the chrome popup?
> 
> 
> It's the chrome variable, yes.
> 
> Your clock's time's still wrong. Maybe your time is so far out that your 
> timesync app can't cope. Make sure that your local timezone is correct 
> as well as your local time.

Yes, the timezone was still incorrect, thanks for pointing me into the 
right direction.

Michael.


More information about the Project_owners mailing list