7254 - Implement DOM security

Status: VERIFIED FIXED

(Core :: DOM: Core & HTML, defect, P3)

Description

[Norris Boyd]

Entering all security bugs and tasks for SeaMonkey into Buzilla for schedule
tracking.

Comment 1

[joki (gone)]

This is mostly done but a little unstable (like I know I'm leaking right now).
I don't think we gain a lot dropping this in now so I'm going to put it into
M8 instead and play on local trees for another week.

Comment 2

[joki (gone)]

This is partially fixed but not fully functional.  Checking in what I have
now and moving bug to M9 for further work.

Comment 3

[joki (gone)]

This is still in a partial state.  Moving to M10 for further work.

Comment 4

[Norris Boyd]

Adding dependency on 12957, pushing back target milestone to M11.

Comment 5

[Norris Boyd]

DOM security can be enabled by changing
mozilla/modules/libpref/src/win/winprefs.js so that security is enabled
by changing the line
/* DISABLE FOR NOW
to
///* DISABLE FOR NOW
and similarly for the comment close. Rebuild so the changed file is copied to
dist.
This causes incorrect errors as found in 13192 and 12957

Comment 6

[Norris Boyd]

Changed summary to remove "Bell Labs code integration". That's all under bug
858.

Comment 7

[saari (gone)]

Do we really need this for the mozilla beta?

Comment 8

[Norris Boyd]

Yes, we need this for beta. The current beta criteria involve enabling
e-commerce by protecting credit card information on form submission, for which
we need this bug fixed.

Comment 9

[Norris Boyd]

Checked in changes that enable DOM security checks.

Comment 10

[Prashant Desale]

Norris Boyd, Could you please verify this one ?

Comment 11

[Prashant Desale]

Marking verified.