Closed
Bug 350433
Opened 18 years ago
Closed 17 years ago
Same-origin checks that should fail, don't
Categories
(Core :: DOM: Core & HTML, defect)
Tracking
()
RESOLVED
FIXED
mozilla1.9alpha8
People
(Reporter: bzbarsky, Assigned: jst)
References
(Blocks 1 open bug)
Details
(Whiteboard: [sg:high] fixed by XOW)
We seem to have some inconsistent security checks. See details in bug 344890 comment 8. This bug is _solely_ about this inconsistency. Please do not admix any of the other discussion from bug 344890 here. I suspect the problem is that needsSecurityCheck is returning a cached false when it shouldn't (because while the cx is the same the principal on the stack is not). I haven't had a chance to verify this, however. While this is not going to cause problems for XPConnect stuff, for non-XPConnect JS variables on pages this could be bad.
|
Reporter | |
Updated•18 years ago
|
Flags: blocking1.9?
Flags: blocking1.8.1?
Flags: blocking1.8.0.8?
|
||
Updated•18 years ago
|
Flags: blocking1.8.1? → blocking1.8.1+
|
|
Reporter | |
Comment 1•18 years ago
|
||
So if I make needsSecurityCheck always return PR_TRUE, this bug goes away. The basic first problem is that needsSecurityCheck assumes that code running on a given cx always has the same principal. That's a pretty bogus assumption, and is what's biting us here -- it lets code with the null principal get at and call |foo|. Imo we should make the cache be per-JSStackFrame or something...
|
|
||
Comment 2•18 years ago
|
||
So bz - is this/should this be something we try and get in 1.8.1?
|
|
Reporter | |
Comment 3•18 years ago
|
||
I think so, yes. Though changes for bug 351370 might make things better here... maybe. Not sure.
Depends on: 351370
|
|
||
Comment 4•18 years ago
|
||
pushing to 1.8.1.1...
Flags: blocking1.8.1.1?
Flags: blocking1.8.1-
Flags: blocking1.8.1+
|
||
Comment 6•18 years ago
|
||
Not clear we know what the fix is going to be here, not blocking the current release (though we'll consider taking a patch) but putting on a later radar.
Flags: blocking1.8.1.2?
Flags: blocking1.8.1.1?
Flags: blocking1.8.1.1-
Flags: blocking1.8.0.9?
Flags: blocking1.8.0.9-
Flags: blocking1.8.0.10?
Whiteboard: [sg:high]
|
|
||
Updated•18 years ago
|
Flags: wanted1.8.1.x+
Flags: wanted1.8.0.x+
Flags: blocking1.8.1.2?
Flags: blocking1.8.0.10?
|
|
||
Updated•18 years ago
|
Flags: blocking1.8.1.2?
Flags: blocking1.8.0.10?
|
|
||
Updated•18 years ago
|
Flags: blocking1.8.1.2?
Flags: blocking1.8.1.2+
Flags: blocking1.8.0.10?
Flags: blocking1.8.0.10+
|
||
Updated•18 years ago
|
Flags: blocking1.8.1.2+
Flags: blocking1.8.0.10?
Flags: blocking1.8.0.10+
|
|
||
Updated•18 years ago
|
Flags: blocking1.8.0.10?
Flags: blocking1.9? → blocking1.9+
|
||
Comment 8•17 years ago
|
||
Setting to B1 per conversation with JST.
Target Milestone: --- → mozilla1.9beta1
|
Assignee | |
Comment 9•17 years ago
|
||
The offending code here is no longer in the tree thanks to mrbkap's cross origin wrapper changes. Marking bug FIXED.
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
|
|
||
Updated•17 years ago
|
Whiteboard: [sg:high] → [sg:high] fixed by XOW
|
|
||
Updated•12 years ago
|
Group: core-security
|
||
Updated•5 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•