Closed
Bug 1274567
Opened 8 years ago
Closed 8 years ago
Use DOMWindowCreated instead DOMContentLoaded to propagate the userContextId from content to parent process
Categories
(Core :: DOM: Security, defect)
Core
DOM: Security
Tracking
()
RESOLVED
FIXED
mozilla49
Tracking | Status | |
---|---|---|
firefox49 | --- | fixed |
People
(Reporter: baku, Assigned: baku)
References
(Blocks 1 open bug)
Details
(Whiteboard: [userContextId][domsecurity-active])
Attachments
(3 files, 1 obsolete file)
1.08 KB,
patch
|
smaug
:
review+
|
Details | Diff | Splinter Review |
3.17 KB,
patch
|
smaug
:
review+
|
Details | Diff | Splinter Review |
2.57 KB,
patch
|
smaug
:
review+
|
Details | Diff | Splinter Review |
No description provided.
Attachment #8754818 -
Flags: review?(bugs)
Assignee | ||
Updated•8 years ago
|
Blocks: ContextualIdentity
Comment on attachment 8754818 [details] [diff] [review] signal.patch So this is probably fine, but it isn't clear to me why we need to wait for anything here. Why can't you access content.document.nodePrincipal.originAttributes.userContextId; synchronously when the script is executed?
Attachment #8754818 -
Flags: review?(bugs) → review+
Updated•8 years ago
|
Whiteboard: [userContextId]
Updated•8 years ago
|
Whiteboard: [userContextId] → [userContextId][domsecurity-active]
Assignee | ||
Comment 3•8 years ago
|
||
I don't remember why we have this setup. Mike, can you help me answering this smaug's question?
Flags: needinfo?(mconley)
Assignee | ||
Comment 4•8 years ago
|
||
Attachment #8755221 -
Flags: review?(bugs)
Attachment #8755221 -
Flags: review?(bugs) → review+
Btw, one case to test is something like var w = window.open(); // no params w.document.body.innerHTML = "hello world";
Assignee | ||
Comment 6•8 years ago
|
||
Attachment #8755296 -
Flags: review?(bugs)
Comment on attachment 8755296 [details] [diff] [review] test.patch I'm pretty sure this is missing a file ;)
Attachment #8755296 -
Flags: review?(bugs) → review-
Assignee | ||
Comment 9•8 years ago
|
||
Attachment #8755296 -
Attachment is obsolete: true
Attachment #8755397 -
Flags: review?(bugs)
Attachment #8755397 -
Flags: review?(bugs) → review+
Comment 10•8 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/207d989869ec https://hg.mozilla.org/mozilla-central/rev/c2bfa8578aac
Status: NEW → RESOLVED
Closed: 8 years ago
status-firefox49:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla49
Comment 11•8 years ago
|
||
smaug has a good point. I'm not certain we add any value by waiting for either DOMContentLoaded or DOMWindowCreated - if anything, we just make the code more complicated. What happens if you just read the value when the script is loaded?
Flags: needinfo?(mconley) → needinfo?(amarchesini)
Assignee | ||
Comment 12•8 years ago
|
||
Yes, it works. I'll file a separate bug for this.
Flags: needinfo?(amarchesini)
You need to log in
before you can comment on or make changes to this bug.
Description
•