Closed
Bug 1301123
Opened 8 years ago
Closed 8 years ago
Add an assertion ensuring that documents and friends can never end up with an expanded principal
Categories
(Core :: DOM: Core & HTML, defect)
Core
DOM: Core & HTML
Tracking
()
RESOLVED
FIXED
mozilla52
Tracking | Status | |
---|---|---|
firefox52 | --- | fixed |
People
(Reporter: ehsan.akhgari, Assigned: ehsan.akhgari)
References
Details
Attachments
(1 file)
(Obviously after the existing cases where this can happen have been fixed.) Boris, I'm currently thinking of adding the assertion to nsNodeInfoManager::SetDocumentPrincipal(). Can you think of other places where we'd want to assert this as well?
Flags: needinfo?(bzbarsky)
Comment 1•8 years ago
|
||
That one location should gate all the document stuff. I guess you could add something to where a window creates its global JSObject, to catch cases in which a window has a principal that doesn't match its document for some reason.
Flags: needinfo?(bzbarsky)
Assignee | ||
Comment 2•8 years ago
|
||
Attachment #8795884 -
Flags: review?(bobbyholley)
Comment 3•8 years ago
|
||
Comment on attachment 8795884 [details] [diff] [review] Add assertions ensuring that documents and inner windows cannot end up with an expanded principal Review of attachment 8795884 [details] [diff] [review]: ----------------------------------------------------------------- r=me with the window stuff removed. If there's a reason for it that I'm missing let's discuss further. ::: dom/base/nsGlobalWindow.cpp @@ +2664,5 @@ > bool sameOrigin = false; > nsIPrincipal *existing = > nsJSPrincipals::get(JS_GetCompartmentPrincipals(compartment)); > + MOZ_DIAGNOSTIC_ASSERT(!nsContentUtils::IsExpandedPrincipal(existing), > + "The inner window shouldn't have an expanded principal"); This doesn't seem right - we're in an #ifdef DEBUG (so the telemetry will never accumulate), and it seems a bit odd to me to check the _old_ principal in the inner window reuse case (not that it's wrong, but I just don't understand why we're checking it specifically). I'd think the check to make sure NodePrincipals are never expanded should be sufficient. ::: toolkit/components/telemetry/Histograms.json @@ +10497,5 @@ > + "expires_in_version": "58", > + "kind": "count", > + "description": "Number of documents encountered using an expanded principal." > + }, > + "WINDOW_WITH_EXPANDED_PRINCIPAL": { Again, it seems like this is subsumed by the document case and should be removed.
Attachment #8795884 -
Flags: review?(bobbyholley) → review+
Assignee | ||
Comment 4•8 years ago
|
||
I added the window code based on comment 1. Boris, are you OK with only a check in nsNodeInfoManager::SetDocumentPrincipal()?
Flags: needinfo?(bzbarsky)
Pushed by eakhgari@mozilla.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/93a20b9fe4f9 Add assertions ensuring that documents and inner windows cannot end up with an expanded principal; r=bholley
Comment 7•8 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/93a20b9fe4f9
Status: NEW → RESOLVED
Closed: 8 years ago
status-firefox52:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla52
Assignee | ||
Updated•8 years ago
|
Updated•5 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•