Closed Bug 1101584 Opened 5 years ago Closed 5 years ago

nsContentUtils::GetUTFOrigin should check if the URI has the nsIURIWithPrincipal interface.

Categories

(Core :: DOM: Core & HTML, defect)

defect
Not set

Tracking

()

RESOLVED FIXED
mozilla36

People

(Reporter: baku, Assigned: baku)

References

Details

Attachments

(1 file, 4 obsolete files)

Attached patch origin.patch (obsolete) — Splinter Review
No description provided.
Attachment #8525356 - Flags: review?(bugs)
this bug is created because of bug 1058470 comment 23.
Can you add a testcase?

For example, loading an iframe from a blob: URI and then checking its location.origin.

Or setting the href of an <a> element to a blob: URI and then checking its .origin.

Also, don't we need equivalent changes to nsContentUtils::GetASCIIOrigin?
Attached patch origin.patch (obsolete) — Splinter Review
do you mean this kind of test?
Attachment #8525356 - Attachment is obsolete: true
Attachment #8525356 - Flags: review?(bugs)
Attachment #8525378 - Flags: review?(bugs)
Comment on attachment 8525378 [details] [diff] [review]
origin.patch

Yep, like that.  r=me, since I've clearly been looking at this.
Attachment #8525378 - Flags: review?(bugs) → review+
Attached patch patch2.patch (obsolete) — Splinter Review
Attachment #8525490 - Flags: review?(bugs)
Comment on attachment 8525490 [details] [diff] [review]
patch2.patch

I'm not totally convinced we want to deal with uriWithPrincipal at all in these methods (feel like they make the methods do something magical, not something that the caller expects), but since bz was ok with the first patch, fine.
And looks like URIWithPrincipal is for nsHostObjectURI only atm.
Attachment #8525490 - Flags: review?(bugs) → review+
Attached patch origin.patch (obsolete) — Splinter Review
patch merged: https://tbpl.mozilla.org/?tree=Try&rev=5259cc02e97f
Attachment #8525378 - Attachment is obsolete: true
Attachment #8525490 - Attachment is obsolete: true
Keywords: checkin-needed
Attached patch origin.patchSplinter Review
comment added
Attachment #8525509 - Attachment is obsolete: true
I had to back out the original patch in https://hg.mozilla.org/integration/mozilla-inbound/rev/df4b53792111 because I couldn't keep holding the tree closed for the fix to land.
Flags: needinfo?(amarchesini)
The new patch fixes the problem. Sorry for the waiting for the new patch.
Flags: needinfo?(amarchesini)
https://hg.mozilla.org/mozilla-central/rev/1c5592132500
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla36
Depends on: 1104193
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.