X
Tap here to go to the mobile version of the site.

Support Forum

Firefox bug: app won't load because modified String.prototype.split is deemed a security risk.

  • No replies
  • 1 has this problem
  • 1 view
Posted

My site (single page with a Haskell server and Cycle.js front end) stops loading when the browser engine encounters line 1818 in my bundle.js file (made by Webpack). A message in the console says "SecurityError: The operation is insecure". Clicking the message takes me to line 1818 , which is the first line under this comment:

/*!
 * Cross-Browser Split 1.1.1
 * Copyright 2007-2012 Steven Levithan <stevenlevithan.com>
 * Available under the MIT License
 * ECMAScript compliant, uniform cross-browser split method
 */
e.exports=(r=String.prototype.split,o=/()??/.exec("")[1]===n,function(e,t,a){if("[object RegExp]"!==Object.prototype.toString.call(t))return r.call(e,t,a);var i,s,c,u,l=[],h=(t.ignoreCase?"i":"")+(t.multiline?"m":"")+(t.extended?"x":"")+(t.sticky?"y":""),d=0;for(t=new RegExp(t.source,h+"g"),e+="",o||(i=new RegExp("^"+t.source+"$(?!\\s)",h)),a=a===n?-1>>>0:a>>>0;(s=t.exec(e))&&!((c=s.index+s[0].length)>d&&(l.push(e.slice(d,s.index)),!o&&s.length>1&&s[0].replace(i,function(){for(var e=1;e<arguments.length-2;e++)arguments[e]===n&&(s[e]=n)}),s.length>1&&s.index<e.length&&

This problem exists in Firefox 60 and 61 and in a recent nightly build. If the modified version of String.prototype.split is not a security problem, removing the bug in version 62 won't be enough. We need a way to catch the error or else a way to tell Firefox not to throw it.

I am running my app in a Digital Ocean droplet with a Nginx reverse proxy server. My Haskell WebSocket server and Cycle.js front end communicate through un-encrypted plain ws messaging. When the Nginx reverse proxy server and browsers communicate by plain old http, there is no problem. But when I make my application more secure by switching to https, Firefox won't finish loading my app on grounds that it is insecure. Chrome has no problem with the secure app.

My site (single page with a Haskell server and Cycle.js front end) stops loading when the browser engine encounters line 1818 in my bundle.js file (made by Webpack). A message in the console says "SecurityError: The operation is insecure". Clicking the message takes me to line 1818 , which is the first line under this comment: <pre><nowiki>/*! * Cross-Browser Split 1.1.1 * Copyright 2007-2012 Steven Levithan <stevenlevithan.com> * Available under the MIT License * ECMAScript compliant, uniform cross-browser split method */ e.exports=(r=String.prototype.split,o=/()??/.exec("")[1]===n,function(e,t,a){if("[object RegExp]"!==Object.prototype.toString.call(t))return r.call(e,t,a);var i,s,c,u,l=[],h=(t.ignoreCase?"i":"")+(t.multiline?"m":"")+(t.extended?"x":"")+(t.sticky?"y":""),d=0;for(t=new RegExp(t.source,h+"g"),e+="",o||(i=new RegExp("^"+t.source+"$(?!\\s)",h)),a=a===n?-1>>>0:a>>>0;(s=t.exec(e))&&!((c=s.index+s[0].length)>d&&(l.push(e.slice(d,s.index)),!o&&s.length>1&&s[0].replace(i,function(){for(var e=1;e<arguments.length-2;e++)arguments[e]===n&&(s[e]=n)}),s.length>1&&s.index<e.length&& </nowiki></pre> This problem exists in Firefox 60 and 61 and in a recent nightly build. If the modified version of String.prototype.split is not a security problem, removing the bug in version 62 won't be enough. We need a way to catch the error or else a way to tell Firefox not to throw it. I am running my app in a Digital Ocean droplet with a Nginx reverse proxy server. My Haskell WebSocket server and Cycle.js front end communicate through un-encrypted plain ws messaging. When the Nginx reverse proxy server and browsers communicate by plain old http, there is no problem. But when I make my application more secure by switching to https, Firefox won't finish loading my app on grounds that it is insecure. Chrome has no problem with the secure app.

Modified by cor-el

Quote

Additional System Details

Installed Plug-ins

Reverse proxy Nginx server in front of bundled Haskell WebSocket server and Cycle.js front end. The problem is in versions 61, 60, and possibly earlier versions of Firefox.

Application

  • User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0

More Information

You must log in to your account to reply to posts. Please start a new question, if you do not have an account yet.