Closed
Bug 354693
Opened 18 years ago
Closed 18 years ago
[FIX] Security checks for channel redirects inconsistent with document principals
Categories
(Core :: Security: CAPS, defect, P2)
Tracking
()
RESOLVED
FIXED
mozilla1.9alpha1
People
(Reporter: bzbarsky, Assigned: bzbarsky)
References
Details
Attachments
(1 file)
|
(deleted),
patch
|
dveditz
:
review+
sicking
:
superreview+
|
Details | Diff | Splinter Review |
To be precise, they use different URIs and the redirect check ignores the channel owner. Patch coming up to fix; I ended up doing a little more refactoring than I wanted, sadly. :(
|
Assignee | |
Comment 1•18 years ago
|
||
dveditz, I just want your review on the security manager changes; I think sicking can handle all the XUL stuff.
Summary of changes:
1) Make redirect check consistent with how we get document principals
2) Make XUL proto documents always have a principal and always serialize it.
3) Rev XUL fastload version to deal with that.
4) Make about:blank document creation take a principal argument.
The rest is just the implementation details.
Attachment #240472 -
Flags: superreview?(bugmail)
Attachment #240472 -
Flags: review?(dveditz)
|
|
Assignee | |
Updated•18 years ago
|
Priority: -- → P2
Target Milestone: --- → mozilla1.9alpha
|
||
Comment 2•18 years ago
|
||
Comment on attachment 240472 [details] [diff] [review]
Fix
r=dveditz
Attachment #240472 -
Flags: review?(dveditz) → review+
Comment on attachment 240472 [details] [diff] [review]
Fix
sr=sicking
Attachment #240472 -
Flags: superreview?(bugmail) → superreview+
|
|
Assignee | |
Comment 4•18 years ago
|
||
Fixed, yay.
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•