Closed
Bug 467869
Opened 16 years ago
Closed 15 years ago
"ASSERTION: Native anonymous content must have its parent as its own binding parent" moving boxObject.lastChild
Categories
(Core :: XUL, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: jruderman, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: assertion, testcase)
Attachments
(2 files)
(deleted),
application/vnd.mozilla.xul+xml
|
Details | |
(deleted),
patch
|
Details | Diff | Splinter Review |
###!!! ASSERTION: Native anonymous content must have its parent as its own binding parent: '!IsRootOfNativeAnonymousSubtree() || aBindingParent == aParent', file /Users/jruderman/central/content/base/src/nsGenericElement.cpp, line 2508
###!!! ASSERTION: root of native anonymous subtree must have parent equal to binding parent: '!IsRootOfNativeAnonymousSubtree() || (GetParent() && GetBindingParent() == GetParent())', file ../../dist/include/content/nsIContent.h, line 201
###!!! ASSERTION: must have binding parent when in native anonymous subtree: '!IsInNativeAnonymousSubtree() || GetBindingParent()', file ../../../dist/include/content/nsIContent.h, line 213
Comment 1•16 years ago
|
||
Ugh. We have _got_ to stop giving untrusted script access to native anonymous content.
And can we _please_ just remove box objects? :( Or at least make their content-traversal methods throw when hitting native anon content, or skip it or something?
Comment 2•16 years ago
|
||
Do we use boxObject.firstChild/.lastChild etc anywhere?
Comment 3•16 years ago
|
||
Does an mxr search not show any uses?
Comment 4•16 years ago
|
||
firstChild etc are a bit tricky to search. Same names used in some many other
places.
Comment 5•16 years ago
|
||
Updated•16 years ago
|
Attachment #359639 -
Attachment is patch: true
Attachment #359639 -
Attachment mime type: application/octet-stream → text/plain
Reporter | ||
Comment 6•15 years ago
|
||
Now I get this error message instead of an assertion:
Error: uncaught exception: [Exception... "Security Manager vetoed action arg 0 [nsIDOMXULElement.appendChild]" nsresult: "0x80570027 (NS_ERROR_XPC_SECURITY_MANAGER_VETO)" location: "JS frame :: https://bug467869.bugzilla.mozilla.org/attachment.cgi?id=351315 :: boom2 :: line 16" data: no]
Is this expected?
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → WORKSFORME
Reporter | ||
Comment 7•15 years ago
|
||
Crashtest added: http://hg.mozilla.org/mozilla-central/rev/b85c6ee1b1ab
Flags: in-testsuite+
You need to log in
before you can comment on or make changes to this bug.
Description
•