Bug 282615: DOMSerializer's security checks don't take capabilities into account.
Status: RESOLVED FIXED
Opened 20 years ago, closed 20 years ago
Categories: Core :: DOM: Serializers, defect
People: Reporter: jst, Assigned: jst
Attachments (2 files, 2 obsolete files):
- patch, 3.84 KB
- patch, 3.53 KB (sicking: review+, bzbarsky: superreview+)
Currently it's impossible to serialize a DOM node from a different domain even if you enable "UniversalBrowserRead". The nsDOMSerializer code needs to check if that capability is enabled. Patch coming up.
Comment 1 • 20 years ago (Assignee)
Comment 2 • 20 years ago (Assignee)
Updated • 20 years ago (Assignee)
Attachment #174606 - Flags: superreview?(bzbarsky)
Attachment #174606 - Flags: review?(bugmail)
Comment 3 • 20 years ago
Comment on attachment 174606
Fix (diff -w for reviews)

sr=bzbarsky
Attachment #174606 - Flags: superreview?(bzbarsky) → superreview+
Couldn't you call nsContentUtils::CanCallerAccess?
Comment 5 • 20 years ago (Assignee)
That's in the wrong library, not reachable from the nsDOMSerializer code.
Comment on attachment 174606
Fix (diff -w for reviews)

> nsCOMPtr<nsIDOMDocument> owner_doc(do_QueryInterface(aRoot));
>
> if (!owner_doc) {
>   aRoot->GetOwnerDocument(getter_AddRefs(owner_doc));
> }
>
> nsCOMPtr<nsIDocument> doc(do_QueryInterface(owner_doc));

You didn't change this, but would you mind fixing the double-QI here for the case when aRoot is a document?

You also need to check that the passed in node is an nsIContent or nsIAttribute. Otherwise someone might pass in a js-object with a foreign node as "child".

Requesting new patch just to be on the safe side since this is security and all that. We desperately need to move this stuff to the securitymanager.
Attachment #174606 - Flags: review?(bugmail) → review-
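
The two checks raised in the description and in the review comment above, as a simplified stand-alone model. This is an added example, not code from the patch or from Mozilla: `Kind`, `Node`, `Caller`, `OriginOnlyCheck`, `CanSerialize` and `ReachesForeignNode` are hypothetical names, origins are modelled as plain strings, and the sample data in `main` is constructed.

```cpp
#include <cstdio>
#include <string>
#include <vector>

// Hypothetical model types; none of these are Mozilla's.
enum class Kind { Document, Content, Attribute, ScriptObject };
struct Node {
  Kind kind;
  std::string ownerOrigin;            // origin the node reports for its owner document
  std::vector<const Node*> children;  // what a serializer would walk
};
struct Caller {
  std::string origin;
  bool universalBrowserRead;  // capability named in the bug report
};

// Model of a check that compares origins only: the capability is ignored
// and the kind of object passed in is never examined.
bool OriginOnlyCheck(const Caller& c, const Node& root) {
  return c.origin == root.ownerOrigin;
}

// Model with both points from the thread applied.
bool CanSerialize(const Caller& c, const Node& root) {
  // Accept only real documents, content nodes and attributes: a
  // script-implemented object can report any owner it likes while
  // exposing a foreign node as its child.
  if (root.kind == Kind::ScriptObject) return false;
  if (c.origin == root.ownerOrigin) return true;
  // Cross-origin reads are allowed only with the capability enabled.
  return c.universalBrowserRead;
}

// True if walking `root` would reach a node owned by another origin.
bool ReachesForeignNode(const Caller& c, const Node& root) {
  if (root.ownerOrigin != c.origin) return true;
  for (const Node* child : root.children)
    if (ReachesForeignNode(c, *child)) return true;
  return false;
}

int main() {
  Caller page{"https://a.example", false};  // constructed sample data
  Node foreign{Kind::Content, "https://b.example", {}};
  Node spoof{Kind::ScriptObject, "https://a.example", {&foreign}};
  std::printf("origin-only: %d, with kind check: %d\n",
              OriginOnlyCheck(page, spoof), CanSerialize(page, spoof));
  return 0;
}
```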
Comment 7 • 20 years ago (Assignee)
Attachment #174605 - Attachment is obsolete: true
Attachment #174606 - Attachment is obsolete: true
Comment 8 • 20 years ago (Assignee)
Attachment #174778 - Flags: superreview?(bzbarsky)
Attachment #174778 - Flags: review?(bugmail)
Comment 9 • 20 years ago
Comment on attachment 174778
Updated fix (diff -w)

sr=bzbarsky
Attachment #174778 - Flags: superreview?(bzbarsky) → superreview+
Attachment #174778 - Flags: review?(bugmail) → review+
Comment 10 • 20 years ago (Assignee)
Fixed.
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED