Closed
Bug 1221692
Opened 9 years ago
Closed 9 years ago
Clean up references to playPreview and prevent content generation at runtime in pluginProblem.xml and PluginContent.jsm
Categories
(Core :: XBL, defect)
Core
XBL
Tracking
()
RESOLVED
DUPLICATE
of bug 1192831
People
(Reporter: codycrews00, Assigned: codycrews00)
Details
Attachments
(1 file)
7.28 KB,
patch
|
Details | Diff | Splinter Review |
Followup work from bug 1045034. With bug 1220901 already taking care of other concerns this should have everything handled.
Assignee | ||
Updated•9 years ago
|
Assignee: nobody → codycrews00
Assignee | ||
Comment 1•9 years ago
|
||
Comment on attachment 8683248 [details] [diff] [review] removePlayPreviewContentGeneration.patch Review of attachment 8683248 [details] [diff] [review]: ----------------------------------------------------------------- This patch is part 1 of a set of changes being done for multiple issues found in bug 1045034. Here we clean up remaining references to playPreview, and stop runtime content generation which caused some interesting issues.
Attachment #8683248 -
Flags: review?(bobbyholley)
Comment 2•9 years ago
|
||
Hang on - is your tree up to date cody? It looks like this was already removed in bug 1192831...
Assignee | ||
Comment 3•9 years ago
|
||
I noticed the div for previewing content was already gone in the newer nightly builds. I didn't even use bundles for this, just the raw source and hg init, hg add etc. Wow I just looked over those bugs. I even asked yesterday how long until the work on jsplugins makes this pointless. It's all good though, we can mark this a dup of that work or something. The change protecting native anonymous subtrees and bindings with chromeOnlyContent is going to be the real gain here.
Assignee | ||
Comment 4•9 years ago
|
||
Sorry this is my fault, I knew playPreview stuff was being taken out. To even pinpoint that it was the runtime generation of that iframe element I had to use older releases that still had playPreview there. There's still enough gain from this for me to be happy with some wasted work, for once I feel like I'm actually gaining ground on the source because of how fast it moves. I'll be back on nightly builds from now on.
Updated•9 years ago
|
Group: core-security → dom-core-security
Comment 5•9 years ago
|
||
given comment 2 can this bug be resolved "worksforme" or is there remaining work here?
Flags: needinfo?(codycrews00)
Comment 6•9 years ago
|
||
Comment on attachment 8683248 [details] [diff] [review] removePlayPreviewContentGeneration.patch Review of attachment 8683248 [details] [diff] [review]: ----------------------------------------------------------------- ::: browser/modules/PluginContent.jsm @@ -307,5 @@ > case Ci.nsIObjectLoadingContent.PLUGIN_VULNERABLE_UPDATABLE: > return "PluginVulnerableUpdatable"; > case Ci.nsIObjectLoadingContent.PLUGIN_VULNERABLE_NO_UPDATE: > return "PluginVulnerableNoUpdate"; > - case Ci.nsIObjectLoadingContent.PLUGIN_PLAY_PREVIEW: Can you remove this from nsIObjectLoadingContent as well?
Attachment #8683248 -
Flags: review?(bobbyholley)
Comment 7•9 years ago
|
||
(In reply to Bobby Holley (busy) from comment #6) > Can you remove this from nsIObjectLoadingContent as well? Whoops, that was just a saved review comment before I realized this already happened. Ignore it.
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → DUPLICATE
Updated•9 years ago
|
Flags: needinfo?(codycrews00)
Assignee | ||
Comment 8•9 years ago
|
||
Bobby I cc'ed you over on bug 1220901. I realized there was hardly anyone on the cc list and im looking for input on locking down any alterations to native anonymous subtrees at runtime.
Updated•8 years ago
|
Group: dom-core-security
You need to log in
before you can comment on or make changes to this bug.
Description
•