selmer (gone) Reporter
	Description • 25 years ago

In beta 1, there is no signed javascript.  Therefore, served JS isn't going to
be able to get a toolkit object and call the toplevel close method to end the
activation sequence.  We need to find some other method.  Here are some
possbilities:

1.  find out if, fix, or kludge a way for window.close(); to do the job
2.  have the server load the URL resource:/res/profile/endact.xul and have that
	file do all the necessary stuff
3.  make some exception in the security code so toplevel close can be called in
	this case
4.  implement some bogus javascript function in place of 1, 2, or 3

Anyone have any other ideas?

	selmer (gone) Reporter
	Comment 1 • 25 years ago

Dogfood Candidate

	selmer (gone) Reporter
	Comment 2 • 25 years ago

Need to get this in so we can coordinate with Netcenter and test activation.

	daver
	Comment 3 • 25 years ago

Consult Porkjockeys for implementation strategy

	racham Assignee
	Comment 4 • 25 years ago

Adding Norris to cc list.

Hi Norris,

Did you add any code recently to do a security check on executing JavaScript in
the browser window ? We are trying to close the window (a webshell window) via
javascript. I know secure JS is planned for beta. Brendan mentioned to me that
you did some work on this stuff lately. So, I'm curious to find out if you had
done any work in that direction and if there are any JS snippets to demonstrate
the security related work.

	Norris Boyd
	Comment 5 • 25 years ago

We're planning to have signed JavaScript by beta. I've added a dependency on the
tracking bug for this feature.

Currently I'm working on the code needed to enable privileges. mstoltz is
working on downloading jar files and verifying digital signatures. We don't yet
have either of these completely working yet.

On the other issue, yes, I've been enabling security checks recently. Are you
seeing a security error message printed out?

	Brendan Eich [:brendan]
	Comment 6 • 25 years ago

Isn't the window.close caller JS loaded from XUL in a chrome window?  Why can't
it close whatever chrome or content window it pleases, without security checks?
It seems to me we should let chrome JS close windows.  Or is the call from HTML
JS?

/be

	racham Assignee
	Comment 7 • 25 years ago

For the activation service that we will be doing for Netcenter, it will be a
HTML JS (JS they will be passing back after processing data) call to close the
window.

	Norris Boyd
	Comment 8 • 25 years ago

If web JavaScript opened the window, then there shouldn't need to be any signed
privileges needed to close the window. What problems are you seeing?

	selmer (gone) Reporter
	Comment 9 • 25 years ago

The window is originally opened by the profile manager code during startup.  The
window gets closed by the html page served up from Netcenter.

	racham Assignee
	Comment 10 • 25 years ago

I'll be able to look more closely into this bug in the week ending 19th.

	Jim Roskind
	Comment 11 • 25 years ago

Actually needed for sync with Netcenter... but not really dogfood... so we're
removing the PDT+

	racham Assignee
	Comment 12 • 25 years ago

Mass moving Netcenter Registration Activation related bugs to M13.

	racham Assignee
	Comment 13 • 25 years ago

Adding feature keyword to the summary.

	racham Assignee
	Comment 14 • 25 years ago

close.window() now is the method to close the toplevel window.
The url provided above has a test case.

closing the bug.

	Grace Bush
	Comment 15 • 25 years ago

test case works

	leger
	Comment 16 • 25 years ago

Moving all Profile Manager bugs to new Profile Manager Backend component.
Profile Manager component to be deleted.