Closed Bug 1274567 Opened 8 years ago Closed 8 years ago

Use DOMWindowCreated instead DOMContentLoaded to propagate the userContextId from content to parent process

Categories

(Core :: DOM: Security, defect)

Product:
Core
Component:
DOM: Security
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla49
Tracking Flags:
Tracking Status
firefox49 --- fixed

People

(Reporter: baku, Assigned: baku)

References

(Blocks 1 open bug)

Details

(Whiteboard: [userContextId][domsecurity-active])

Attachments

(3 files, 1 obsolete file)

signal.patch
1.08 KB, patch
smaug
: review+
Details | Diff | Splinter Review
names.patch
3.17 KB, patch
smaug
: review+
Details | Diff | Splinter Review
test.patch
2.57 KB, patch
smaug
: review+
Details | Diff | Splinter Review
Attached patch signal.patchSplinter Review 
      No description provided.
Attachment #8754818 - Flags: review?(bugs)
Blocks: ContextualIdentity
Comment on attachment 8754818 [details] [diff] [review]
signal.patch

So this is probably fine, but it isn't clear to me why we need to wait for anything here. Why can't you access
content.document.nodePrincipal.originAttributes.userContextId; synchronously when the script is executed?
Attachment #8754818 - Flags: review?(bugs) → review+
Whiteboard: [userContextId]
Whiteboard: [userContextId] → [userContextId][domsecurity-active]
I don't remember why we have this setup. Mike, can you help me answering this smaug's question?
Flags: needinfo?(mconley)
Attached patch names.patchSplinter Review 

        Attachment #8755221 -
        Flags: review?(bugs)

    
    

    
  
Btw, one case to test is something like

var w = window.open(); // no params
w.document.body.innerHTML = "hello world";

    
    

    
  

      
      
      
      

        Attached patch
          
          
        test.patch (obsolete)
        — Splinter Review
      

    


  

        Attachment #8755296 -
        Flags: review?(bugs)

    
    

    
  
Comment on attachment 8755296 [details] [diff] [review]
test.patch

I'm pretty sure this is missing a file ;)

        Attachment #8755296 -
        Flags: review?(bugs) → review-

    
    

    
  

      
      
      
      

        Attached patch
          
          
        test.patchSplinter Review
      

    


  

        Attachment #8755296 -
        Attachment is obsolete: true

        Attachment #8755397 -
        Flags: review?(bugs)

    
    

    
  
https://hg.mozilla.org/mozilla-central/rev/207d989869ec
https://hg.mozilla.org/mozilla-central/rev/c2bfa8578aac
Status: NEW → RESOLVED
Closed: 8 years ago

          status-firefox49:
          --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla49

    
    

    
  
smaug has a good point. I'm not certain we add any value by waiting for either DOMContentLoaded or DOMWindowCreated - if anything, we just make the code more complicated.

What happens if you just read the value when the script is loaded?
Flags: needinfo?(mconley) → needinfo?(amarchesini)

    
    

    
  
Yes, it works. I'll file a separate bug for this.
Flags: needinfo?(amarchesini)

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: