Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

localStorage in Firefox extension throws "The operation is insecure." exception

Tags:

javascript

local-storage

firefox

firefox-addon

I am developong Firefox Add-on that uses localStorage to store user data in website context. It access localStorage via injected content scripts using standard methods:

localStorage.getItem(key);
localStorage.setItem(key, value);

The code that calls localStorege is injected to website via PageMod:

pageMod.PageMod({
    contentScriptFile: [
        self.data.url("app.js")
    ]})

When methods getItem/setItem are called, security exception is thrown:

[Exception... "The operation is insecure." code: "18" nsresult: "0x80530012 (SecurityError)" location: ""]

So far I did not find out the reason why this is happening. I have an suspicion that it may have something to do with old FireFox bug, but probability is low: http://meyerweb.com/eric/thoughts/2012/04/25/firefox-failing-localstorage/

Maybe anyone could suggest an idea what could cause a problem?

Additional info:

  • We are using Addon SDK 1.16
  • Problem occurs since FF 29.0 RC1 (everything works with FF 28)
like image 213
xb1itz Avatar asked Apr 24 '14 12:04

xb1itz

People also ask

Can localStorage throw exception?

localStorage object is enough to throw a security error. Luckily, catching this error is quite easy.

Why is localStorage a security risk for an application?

Local storage shares many of the same characteristics as a cookie, including the same security risks. One of those is susceptibility to cross-site scripting, which steals cookies to let hackers masquerade as a user with their login session for a site.

Why localStorage Removeitem is not working?

The reason you are running into an error is because, test is not available in the scope of code ( and a reference error is thrown, when you try to access a variable that is not defined yet). In your case it lives on localStorage. test because you are attaching it directly to localStorage object.

Does localStorage work in incognito mode?

Local Storage data stored on normal browsing sessions will not be available when you open a browser in private browsing or in Incognito mode. Local Storage data will not get cleared even if you close the browser. Because it's stored on your browser cache in your machine.

1 Answers

We also have an extension and are getting the same error with local storage. This is a bug with 29, as @basarat notes this error should only be thrown for CORS issues. We've tested with Aurora and Nightly with no issues either. We're filing a bug with Mozilla.

like image 84
CleanTheRuck Avatar answered Nov 02 '22 11:11

CleanTheRuck
Sign in to Comment

Related questions

automatically load a javascript function after loading page
Leaflet cluster color based on icons inside
Creating a Snap.svg object from an <object> element
Using RHINO js engine to make http requests
Get current URL from document.ready
Setting multiple style.background values
Correct way to pass a variable argument in a callback in JavaScript?
charCodeAt and fromCharCode do not return the same character
AngularJS ngTable delays display of ajax data
CoffeeScript: Inline call delegation which works with function bindings
Render mathjax dynamically
Problems in writing binary data with node.js
Success callback of x-editable is not working
WeChat sharing, how to change re-share description and thumbnail?
d3 bar chart with range selector in x-axis (like dygraphs)
How keep a Websocket connection persistent, even after page refresh?
Angular UI Router animation on parent view
How to output JavaScript into a Textbox
jQuery - Can not select first option on last optgroup
Return Javascript variable to AppleScript

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!