Closed Bug 494805 Opened 15 years ago Closed 15 years ago

CacheStoragePermissions() broken for session/localStorage

Categories

(Core :: DOM: Core & HTML, defect)

Product:
Core
Component:
DOM: Core & HTML
Version:
1.9.1 Branch
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: mayhemer, Assigned: mayhemer)

References

Details

(Keywords: fixed1.9.1)

Attachments

(1 file)

wip1
(deleted), patch
Details | Diff | Splinter Review
CacheStoragePermissions calls CanAccess of the storage as a security check. I have just found out that nsDOMStorage2 (sessionStorage and localStorage implementation) calls an old nsDOMStorage::CanAccess that only checks domain and NOT the whole principal. We have to change CacheStoragePermissions to call the correct method somehow, nsDOMStorage2 is wrapping nsDOMStorage.
Flags: blocking1.9.1?
Attached patch wip1 (deleted) — Splinter Review
How does this bug relate to bug 494810 and bug 494799, if at all?
Doesn't block, would take patch with tests.
Flags: wanted1.9.1.x?
Flags: blocking1.9.1?
Flags: blocking1.9.1-
This got fixed for 1.9.1 by the fix for bug 495112.
Keywords: fixed1.9.1
Blocks: 495337
Fixed on trunk by the fix for bug 495112. Bug 495337 filed as a followup. http://hg.mozilla.org/mozilla-central/rev/363750f510ec
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Flags: wanted1.9.1.x?
Group: core-security
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: