Closed Bug 287319 Opened 20 years ago Closed 20 years ago

calling unused methods would break OS/2 d&d

Categories

(Core :: DOM: Copy & Paste and Drag & Drop, defect)

Product:
Core
Component:
DOM: Copy & Paste and Drag & Drop
Platform:
x86
OS/2
Type:
defect
Priority:
Not set
Severity:
minor

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: dragtext, Assigned: mkaply)

Details

Attachments

(1 file)

patch to nsDragService for OS/2
(deleted), patch
mozilla
: review+
mkaply
: superreview+
Details | Diff | Splinter Review
The OS/2 version of nsDragService doesn't use the methods StartDragSession() or EndDragSession() which are inherited from nsBaseDragService. If some code were to call them (in error), they would break our implementation. This patch overrides these two methods and turns them into no-ops to prevent this possibility.
Attached patch patch to nsDragService for OS/2 (deleted) — Splinter Review
This patch should be applied to the trunk and all applicable branches.
This is a security measure against malitious extensions following bug 285438? Or does it have implications that I don't see because of which I should refresh my unofficial 1.7.6? As a nit, perhaps you could return NS_ERROR_NOT_IMPLEMENTED instead of NS_OK?
(In reply to comment #2) > This is a security measure against malitious extensions following bug 285438? > Or does it have implications that I don't see because of which I should > refresh my unofficial 1.7.6? Not really. This is just protection against future additions to the codebase doing something stupid. The two methods are declared as public, so anyone anywhere could call them in error and bolix up OS/2 d&d. Had they been declared as protected, so that only subclasses of nsBaseDragService could call them, then this wouldn't be needed. WRT the security bug, the OS/2 version of nsDragService had _no_ problems. > As a nit, perhaps you could return NS_ERROR_NOT_IMPLEMENTED instead of NS_OK? Returning an error might break stupid code and give the mistaken impression that our code was at fault. IMHO, it's better to let whatever proceed in blissful ignorance, generating an assertion in the debug version but otherwise doing no harm.
Comment on attachment 178330 [details] [diff] [review] patch to nsDragService for OS/2 Fine, you've convinced me. I hope I am not crossing the line by marking r=me.
Attachment #178330 - Flags: superreview?(mkaply)
Attachment #178330 - Flags: review+
Comment on attachment 178330 [details] [diff] [review] patch to nsDragService for OS/2 sr=mkaply
Attachment #178330 - Flags: superreview?(mkaply) → superreview+
I put this on trunk. It's getting harder to get non security stuff on the branch. If you can come up with a really good reason...
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
(In reply to comment #6) > I put this on trunk. It's getting harder to get non security stuff on the > branch. If you can come up with a really good reason... This is simply insurance against poorly written new features. If there are no new features added to a branch, no insurance is needed.
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: