Open
Bug 1288397
Opened 8 years ago
Updated 2 years ago
Disallow (or add a 'force' parameter to Cu.unload to allow this) unloading anything under resource://gre/ or resource:/// or resource://app/
Categories
(Core :: XPConnect, defect, P3)
Core
XPConnect
Tracking
()
REOPENED
| Tracking | Status | |
|---|---|---|
| firefox50 | --- | affected |
People
(Reporter: Gijs, Unassigned)
Details
So apparently add-on folks are footgunning themselves on Cu.unload (cf. bug 1287824 ). We should take away the footgun.
|
||
Comment 1•8 years ago
|
||
Once you have system principal and access to Cu, you have access to all the footguns of the world. We can only make it harder for add-ons to do this, won't be able to completely prevent it. Is you intention to prevent the unintentional cases? For that, a warning should be enough if the caller scope is an add-on scope. I'm not against that.
|
Reporter | |
Comment 2•8 years ago
|
||
(In reply to Gabor Krizsanits [:krizsa :gabor] from comment #1) > Once you have system principal and access to Cu, you have access to all the > footguns of the world. We can only make it harder for add-ons to do this, > won't be able to completely prevent it. Well, there are no cases that I can see in our codebase where we use .unload with core app files, outside of tests (which we could fix). I'm not sure why such functionality would be necessary. > Is you intention to prevent the > unintentional cases? For that, a warning should be enough if the caller > scope is an add-on scope. I'm not against that. Well, "intentional" is an interesting word. I guess I'm alleging that nobody who actually understands what Cu.unload does would ever want to Cu.unload a module from resource:/// or resource://app/ or resource://gre/ in a running Firefox instance. Which then by definition makes all the current callers "unintentional". I don't think a warning is good enough, because the MDN page for Cu.unload already has a warning, and clearly people aren't reading it, if even people in MoCo itself ( https://github.com/mozilla/universal-search/issues/267 ) are using it to unload core Firefox files from add-ons... :-\
|
||
Comment 3•8 years ago
|
||
Any thoughts, Bobby (feel free to say no)?
Flags: needinfo?(bobbyholley)
Priority: -- → P3
|
||
Comment 4•8 years ago
|
||
Happy to add any restrictions that lead to less bugs in practice. This API is YMMV anyway.
Flags: needinfo?(bobbyholley)
|
||
Comment 5•6 years ago
|
||
Per policy at https://wiki.mozilla.org/Bug_Triage/Projects/Bug_Handling/Bug_Husbandry#Inactive_Bugs. If this bug is not an enhancement request or a bug not present in a supported release of Firefox, then it may be reopened.
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → INACTIVE
|
||
Updated•6 years ago
|
Status: RESOLVED → REOPENED
Resolution: INACTIVE → ---
|
|
||
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•