Closed
Bug 406364
Opened 17 years ago
Closed 17 years ago
privileged calls to addEventListener should ignore untrusted events by default
Categories
(Core :: DOM: Events, enhancement)
Tracking
()
RESOLVED
INVALID
People
(Reporter: jeremy, Unassigned)
Details
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.3) Gecko/20070507 (Gentoo) Build Identifier: I think in almost all cases privileged code will want to ignore untrusted events. Not making it the default just leads to mistakes that are possible exploits. Reproducible: Always
Comment 1•17 years ago
|
||
Bug 289940 comment 0 indicates that the plan was for "ignore untrusted events" to be the default for chrome. Is that not what happened?
Comment 2•17 years ago
|
||
Chrome ignores untrusted events by default. I think this about other privileged code?
Comment 3•17 years ago
|
||
The check is IsCallerChrome(), as I recall. It's really not clear from comment 0 what this bug is about, exactly...
Reporter | ||
Comment 4•17 years ago
|
||
Oh, it looks like I'm mistaken then. I had thought the default was the other way around. Sorry for the noise.
Status: UNCONFIRMED → RESOLVED
Closed: 17 years ago
Resolution: --- → INVALID
You need to log in
before you can comment on or make changes to this bug.
Description
•