Closed
Bug 1182540
Opened 9 years ago
Closed 9 years ago
Use channel->ascynOpen2 in dom/html/HTMLTrackElement.cpp
Categories
(Core :: DOM: Security, defect)
Core
DOM: Security
Tracking
()
RESOLVED
FIXED
mozilla42
Tracking | Status | |
---|---|---|
firefox42 | --- | fixed |
People
(Reporter: ckerschb, Assigned: ckerschb)
References
Details
Attachments
(1 file, 1 obsolete file)
5.28 KB,
patch
|
ckerschb
:
review+
|
Details | Diff | Splinter Review |
No description provided.
Assignee | ||
Comment 1•9 years ago
|
||
Attachment #8636215 -
Flags: review?(jonas)
Attachment #8636215 -
Flags: review?(jonas) → review+
Assignee | ||
Comment 2•9 years ago
|
||
Simplified the NodeType() checking within contentsecurityManager. Carrying over r+ from Jonas.
Attachment #8636215 -
Attachment is obsolete: true
Attachment #8637398 -
Flags: review+
Assignee | ||
Comment 3•9 years ago
|
||
https://treeherder.mozilla.org/#/jobs?repo=try&revision=90e59cd616ae
Assignee | ||
Comment 4•9 years ago
|
||
url: https://hg.mozilla.org/integration/mozilla-inbound/rev/7f458c4bd2713cfaea02eddcb48470d535c9b815 changeset: 7f458c4bd2713cfaea02eddcb48470d535c9b815 user: Christoph Kerschbaumer <mozilla@christophkerschbaumer.com> date: Sat Jul 25 10:29:22 2015 -0700 description: Bug 1182540 - Use channel->ascynOpen2 in dom/html/HTMLTrackElement.cpp (r=sicking)
Comment 5•9 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/7f458c4bd271
Status: NEW → RESOLVED
Closed: 9 years ago
status-firefox42:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla42
Comment 6•9 years ago
|
||
Comment on attachment 8637398 [details] [diff] [review] bug_1182540_asyncopen2_htmltrackelement.patch Was out last week, so just seeing this now. - rv = NS_CheckContentLoadPolicy(nsIContentPolicy::TYPE_INTERNAL_TRACK, - uri, - NodePrincipal(), - static_cast<Element*>(this), rv = NS_NewChannel(getter_AddRefs(channel), uri, static_cast<Element*>(this), - nsILoadInfo::SEC_NORMAL, + nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS, nsIContentPolicy::TYPE_INTERNAL_TRACK, loadGroup); Are NodePrincipal and the principal of static_cast<Element*>(this) the same? With this change, Content Policies will get the loadingPrincipal from 'this'. Previously, it was passed in a loadingPrincipal of "NodePrinicipal()". If they are the same, then we are good. If they are different, we may need to investigate more. My guess is that NodePrincipal will be the principal of the document that the track element is in. 'this' will refer to the track element itself and have a principal matching the track's src attribute. Content Policy API should then look for the track elements parent and pass it as requestPrincipal when doing security checks. I don't know if the API gets the parent before calling the individual policies. Example: if you have https://a.com with <track src=https://b.com> then the call to Content Policy would have previously received a requestingPrincipal of a.com and will now receive a requestingPrincipal of b.com. I recall discussing this with Jonas before; we said that requestingContext is sometimes the element itself and sometimes the document. Jonas said we should pass the element (as we do here) whenever we can to provide the most information possible, and let Content Policies find the appropriate parent node when necessary.
(In reply to Tanvi Vyas [:tanvi] from comment #6) > Are NodePrincipal and the principal of static_cast<Element*>(this) the same? Yes. The way we get the principal from a node is that we call the NodePrincipal() function. > My guess is that NodePrincipal will be the principal of the document that > the track element is in. That is correct. > 'this' will refer to the track element itself That is correct. > and have a principal matching the track's src attribute. That is not correct. The principal of a node is never affected by what content it is loading. It is only affected by what document the node is in. So an <img src> element always has the principal of the node's ownerDocument. It is completely unaffected by what image it has loaded.
Comment 8•9 years ago
|
||
Indeed. The image _data_ has its own separate principal, but that has nothing to do with the principal of the node.
You need to log in
before you can comment on or make changes to this bug.
Description
•