Open Bug 1017568 Opened 10 years ago Updated 2 years ago

Don't expose window.dump to web content

Categories

(Core :: DOM: Core & HTML, defect, P5)

Product:
Core
Component:
DOM: Core & HTML
Type:
defect

Tracking

()

People

(Reporter: bruant.d, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: site-compat) 

I haven't found a standard for it and it's not supported by Chrome.

There *might* be a web-compat issue around bug 972250 (which was fixed by backing out a change to window.dump), but I'm not sure.
Hmm.  We might be able to expose it if chrome or browser.dom.window.dump.enabled is set.  It worries me a bit that we might have code in untrusted bits like debugger or extensions (e.g. Chatzilla) that have dump() calls...
Also, we should decide what workers should do.  This is tougher, since they can't check the pref, right?
(In reply to Boris Zbarsky [:bz] from comment #2)
> Also, we should decide what workers should do.  This is tougher, since they
> can't check the pref, right?

Not really, we have infrastructure for propagating preference changes to workers.  Look at RuntimeService::Init.
Ah, so we could do it with a Func in the IDL, ok.
(In reply to comment #4)
> Ah, so we could do it with a Func in the IDL, ok.

Doesn't [Pref] work for stuff that is exposed to workers?
It will pass codegen and output code that touches the preference service from the worker thread.  So it not only doesn't work, it outputs bogus code.  :(
https://bugzilla.mozilla.org/show_bug.cgi?id=1472046

Move all DOM bugs that haven’t been updated in more than 3 years and has no one currently assigned to P5.

If you have questions, please contact :mdaly.
Priority: -- → P5
Blocks: proprietary-dom
Keywords: site-compat
OS: Linux → All
Hardware: x86 → All
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.