Closed
Bug 77825
Opened 23 years ago
Closed 23 years ago
[XPCDOM] Accessing window.location doesn't call canAccess()
Categories
(Core :: DOM: Core & HTML, defect)
Tracking
()
VERIFIED
FIXED
People
(Reporter: security-bugs, Assigned: jst)
Details
Accesses of window.location aren't causing a call to canAccess() in the security manager, nor are accesses of properties defined in scripts.
Reporter | ||
Comment 1•23 years ago
|
||
Upping severity to blocker. If not fixed, this will allow some pretty bad privacy violations.
Severity: normal → blocker
Assignee | ||
Comment 2•23 years ago
|
||
Mitch, what security manager methods should I call in the scriptable helper code? And when? On setting a property and getting a property, any other cases?
Reporter | ||
Comment 3•23 years ago
|
||
Look at nsIXPCSecurityManager; the names of the functions are pretty self-explanatory. THose are the functions we should be calling.
Assignee | ||
Comment 4•23 years ago
|
||
Fixed.
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Comment 5•23 years ago
|
||
Johhney or Mitch, could you please verify this one ?
You need to log in
before you can comment on or make changes to this bug.
Description
•