Closed
Bug 1355996
Opened 8 years ago
Closed 7 years ago
Inspector uses unsafe CPOWs to find CSS selector for node to select
Categories
(DevTools :: Inspector, enhancement, P3)
DevTools
Inspector
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 1356415
People
(Reporter: billm, Assigned: jdescottes)
References
Details
We disabled unsafe CPOWs in Firefox code a while ago. However, it looks like devtools code is being counted as an add-on because of bug 1355994. I did a try push to see where unsafe CPOWs are actually being used in devtools, and I only see one place.
In nsContextMenu.js, we pass this.target, which is a CPOW, to inspectNode:
http://searchfox.org/mozilla-central/rev/624d25b2980cf5f83452b040e6d664460f9b7ec5/browser/base/content/nsContextMenu.js#575
That then calls findCssSelector on the node:
http://searchfox.org/mozilla-central/rev/2fc8c8d483d9ec9fd0ec319c6c53807f7fa8e8a2/devtools/client/framework/devtools-browser.js#305
An easy fix for this in the short term would be to store the selector when the context menu is generated. During that time, the CPOW would be considered "safe". A better fix would be to generate the selector in a content script (somewhere around [1]) and send it to the parent.
[1] http://searchfox.org/mozilla-central/rev/2fc8c8d483d9ec9fd0ec319c6c53807f7fa8e8a2/browser/base/content/content.js#190
Comment 1•8 years ago
|
||
We've been planning on including the CSS selector for context menu events for the sake of WebExtensions, anyway, so we should probably just do that and be done with it.
Assignee | ||
Comment 3•8 years ago
|
||
I currently have a patch for Bug 1356415 that also fixes this issue. Taking the bug in the meantime.
Assignee: nobody → jdescottes
Status: NEW → ASSIGNED
Assignee | ||
Comment 5•7 years ago
|
||
Thank, forgot to follow up. Closing as duplicate.
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Flags: needinfo?(jdescottes)
Resolution: --- → DUPLICATE
Updated•6 years ago
|
Product: Firefox → DevTools
You need to log in
before you can comment on or make changes to this bug.
Description
•