We have raw nsISupports* pointers in the HttpAuthentication code. It turns out that nsIAuthenticator.idl isn't actually needed (no JS calls generateCredentials() or challengeReceived(), which use inout nsISupports parameters; it's no [scripted]). By moving this interface to normal c++ header entries, we can get rid of the awkward dances to use nsISupports**'s, NS_IF_RELEASE(), etc. This is the last use in the tree of an inout parameter for a refcounted type. Use of raw pointers like this is inherently error-prone, leading to potential security issues.
Bug 1839448 Comment 0 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
We have raw nsISupports* pointers in the HttpAuthentication code. It turns out that nsIAuthenticator.idl isn't actually needed (no JS calls generateCredentials() or challengeReceived(), which use inout nsISupports parameters; it's not [scripted]). By moving this interface to normal c++ header entries, we can get rid of the awkward dances to use nsISupports**'s, NS_IF_RELEASE(), etc. This is the last use in the tree of an inout parameter for a refcounted type. Use of raw pointers like this is inherently error-prone, leading to potential security issues.
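The hazard the comment describes, as an added example that is not part of the bug or of Mozilla's code: a refcounted object passed as an inout raw pointer leaks as soon as one manual release is missed, while an owning reference makes that step automatic. `State` and `Ref` are stand-ins for an nsISupports implementation and a smart pointer, and the owning-pointer signature is an assumption about what the plain C++ header could use.

```cpp
// Added illustration; State and Ref are stand-ins, not Gecko types.
#include <cstdio>
#include <utility>
static int gLive = 0;  // State objects currently alive

struct State {  // stand-in for a refcounted nsISupports implementation
  int refs = 0;
  State() { ++gLive; }
  ~State() { --gLive; }
  void AddRef() { ++refs; }
  void Release() { if (--refs == 0) delete this; }
};

class Ref {  // minimal move-only owning pointer (assumed replacement style)
  State* p_ = nullptr;
 public:
  Ref() = default;
  explicit Ref(State* p) : p_(p) { if (p_) p_->AddRef(); }
  Ref(Ref&& o) noexcept : p_(o.p_) { o.p_ = nullptr; }
  Ref& operator=(Ref&& o) noexcept { std::swap(p_, o.p_); return *this; }
  ~Ref() { if (p_) p_->Release(); }
};

// inout raw pointer: the callee must release the old value by hand.
void RawGenerate(State** aState, bool forgetRelease) {
  State* next = new State();
  next->AddRef();
  if (!forgetRelease && *aState) (*aState)->Release();
  *aState = next;
}
// Same contract with an owning reference: assignment releases the old value.
void RefGenerate(Ref& aState) { aState = Ref(new State()); }

// Returns how many objects are still alive after two generate calls.
int LeakedAfterRaw(bool forgetRelease) {
  int before = gLive;
  State* s = nullptr;
  RawGenerate(&s, false);
  RawGenerate(&s, forgetRelease);
  if (s) { s->Release(); s = nullptr; }  // caller-side NS_IF_RELEASE step
  return gLive - before;
}
int LeakedAfterRef() {
  int before = gLive;
  { Ref s; RefGenerate(s); RefGenerate(s); }
  return gLive - before;
}
int main() {
  std::printf("%d %d %d\n", LeakedAfterRaw(false), LeakedAfterRaw(true), LeakedAfterRef());
}
```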