Closed
Bug 302931
Opened 19 years ago
Closed 19 years ago
We shouldn't be calling GetPrincipal() on an outer window
Categories
(Core :: DOM: Core & HTML, defect)
Tracking
()
RESOLVED
INVALID
People
(Reporter: bzbarsky, Unassigned)
References
Details
The last patch in bug 296639 restores principals on the outer window. It seems to me that any time we get principals on the outer window that's a bug -- the inner window is the one that has semi-immutable principals associated with the document; the outer window doesn't...
|
||
Comment 1•19 years ago
|
||
Actually, we'll always be calling GetPrincipal() on outer windows from caps when it's looking for object principals for a window other than the window where the code is running. I doubt there's much we can do about that. We should never be using an outer window's principals as the subject principal tho, maybe we should add some assertions to that effect to caps?
|
||
Comment 2•19 years ago
|
||
(In reply to comment #1) > Actually, we'll always be calling GetPrincipal() on outer windows from caps when > it's looking for object principals for a window other than the window where the > code is running. But aren't object principals found via the parent chain? If we walk up that, we should only ever get to an inner window. If some object principals are sought from an outer window (not a contained doc, form, element, node, etc.), then perhaps the caller should be required to get and pass the inner window, restoring the invariant that this bug wants. /be
|
|
||
Comment 3•19 years ago
|
||
Imagine you're doing w=window.open(); w.foo="foo";, in that case we'll need to find the object principals of w when checking if the caller can set w.foo, and w is an outer window, so we'll get the principals from it. Internally that's of course equivalent to getting the principals of the current inner, but the call is made on the outer nonetheless.
|
Reporter | |
Comment 4•19 years ago
|
||
Yeah. Let's assert in GetSubjectPrincipal (though I'm not sure how, to be completely truthful) and do some long and hard thinking about how to deal with GetObjectPrincipal when we go to optimize it.
|
|
Reporter | |
Comment 5•19 years ago
|
||
This is invalid, per comment 3.
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → INVALID
|
||
Updated•5 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•