Closed Bug 1126004 Opened 9 years ago Closed 9 years ago

Make JS callers of ios.newChannel call ios.newChannel2 in toolkit/components/places

Categories

(Core :: DOM: Security, defect)

Product:
Core
Component:
DOM: Security
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla38
Tracking Flags:
Tracking Status
firefox38 --- fixed

People

(Reporter: ckerschb, Assigned: ckerschb)

References

Details

Attachments

(2 files, 2 obsolete files)

js_15_toolkit_components_places.patch
3.26 KB, patch
mak
: review+
Details | Diff | Splinter Review
js_15_toolkit_components_places_tests.patch
8.77 KB, patch
ckerschb
: review+
Details | Diff | Splinter Review 
Splitting up Bug 1087744 before it becomes too messy.

        Attachment #8554774 -
        Flags: review?(mak77)

    
    

    
  


  

        Attachment #8554775 -
        Flags: review?(mak77)
Assignee: nobody → mozilla
Status: NEW → ASSIGNED
Blocks: 1087744

    
    

    
  
Copying over Marco's comment 25 from bug 1087744 so we don't lose context:


Comment on attachment 8553427 [details] [diff] [review] [diff] [review]
js_15_toolkit_components_places.patch

Review of attachment 8553427 [details] [diff] [review] [diff] [review]:
-----------------------------------------------------------------

::: toolkit/components/places/nsLivemarkService.js
@@ +671,5 @@
>        let loadgroup = Cc["@mozilla.org/network/load-group;1"].
>                        createInstance(Ci.nsILoadGroup);
> +      let feedPrincipal =
> +        secMan.getSimpleCodebasePrincipal(this.feedURI);
> +      let channel = NetUtil.newChannel2(this.feedURI.spec,

how much safe is this? What does getSimpleCodebasePrincipal do?
The truth here is that we can't get a principal from a document or such, we just have a feed uri and we want to read its contents.
It's effectively loading data from the Web. do we need any additional safety?

    
    

    
  
My question is still unanswered
Flags: needinfo?(mozilla)

    
    

    
  


  
(In reply to Tanvi Vyas [:tanvi] from comment #3)
> Copying over Marco's comment 25 from bug 1087744 so we don't lose context:
> 
> 
> Comment on attachment 8553427 [details] [diff] [review]
> js_15_toolkit_components_places.patch
> 
> Review of attachment 8553427 [details] [diff] [review]:
> -----------------------------------------------------------------
> 
> ::: toolkit/components/places/nsLivemarkService.js
> @@ +671,5 @@
> >        let loadgroup = Cc["@mozilla.org/network/load-group;1"].
> >                        createInstance(Ci.nsILoadGroup);
> > +      let feedPrincipal =
> > +        secMan.getSimpleCodebasePrincipal(this.feedURI);
> > +      let channel = NetUtil.newChannel2(this.feedURI.spec,
> 
> how much safe is this? What does getSimpleCodebasePrincipal do?
> The truth here is that we can't get a principal from a document or such, we
> just have a feed uri and we want to read its contents.
> It's effectively loading data from the Web. do we need any additional safety?

Sorry it took as so long to reply. We discussed the scenarios for feeds in our meeting today. Jonas, Tanvi and myself concluded that we should just create a principal from the feed uri using getNoAppCodebasePrincipal(). We know that we don't have a document available. The big difference between getNoAppCodebasePrincipal() and getSimpleCodebasePrincipal() is that getSimpleCodebasePrincipal() uses UNKNOWN_APP_ID whereas getNoAppCodebasePrincipal() uses NO_APP_ID. We should not make any network requests with an unknown appid, so I think the change we incorporated in that patch makes sense.

        Attachment #8554774 -
        Attachment is obsolete: true

        Attachment #8554774 -
        Flags: review?(mak77)
Flags: needinfo?(mozilla)

        Attachment #8559521 -
        Flags: review?(mak77)

    
    

    
  
Comment on attachment 8554775 [details] [diff] [review]
js_15_toolkit_components_places_tests.patch

Review of attachment 8554775 [details] [diff] [review]:
-----------------------------------------------------------------

::: toolkit/components/places/tests/favicons/test_moz-anno_favicon_mime_type.js
@@ +95,5 @@
> +                                  null,      // aLoadingNode
> +                                  Services.scriptSecurityManager.getSystemPrincipal(),
> +                                  null,      // aTriggeringPrincipal
> +                                  Ci.nsILoadInfo.SEC_NORMAL,
> +                                  Ci.nsIContentPolicy.TYPE_OTHER);

why not TYPE_IMAGE?

        Attachment #8554775 -
        Flags: review?(mak77) → review+

        Attachment #8559521 -
        Flags: review?(mak77) → review+

    
    

    
  


  
(In reply to Marco Bonardo [::mak] (needinfo? me) from comment #6)
> Comment on attachment 8554775 [details] [diff] [review]
> js_15_toolkit_components_places_tests.patch
> > +                                  Ci.nsIContentPolicy.TYPE_OTHER);
> 
> why not TYPE_IMAGE?

TYPE_IMAGE it is obviously - thanks!

        Attachment #8554775 -
        Attachment is obsolete: true

        Attachment #8560566 -
        Flags: review+

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: