Closed
Bug 1309067
Opened 8 years ago
Closed 8 years ago
add assertions that compare the private browsing boolean and the private browsing OriginAttribute for places that have not been converted
Categories
(Core :: DOM: Security, defect, P2)
Core
DOM: Security
Tracking
()
RESOLVED
FIXED
mozilla53
| Tracking | Status | |
|---|---|---|
| firefox53 | --- | fixed |
People
(Reporter: huseby, Assigned: huseby)
References
(Blocks 1 open bug)
Details
(Whiteboard: [OA][domsecurity-backlog])
Attachments
(1 file, 2 obsolete files)
|
1.83 KB,
patch
|
huseby
:
review+
|
Details | Diff | Splinter Review |
We need to convince ourselves that the private browser origin attribute correctly matches the private browsing boolean flag that it is replaces. This bug is to add a bunch of assertions in the code to make sure that the origin attribute matches the boolean.
|
Assignee | |
Updated•8 years ago
|
Assignee: nobody → huseby
|
|
Assignee | |
Comment 1•8 years ago
|
||
Notes from a recent contextual identities meeting:
Check in docshell - check if private browsing mode flag in Origin Attribute is set correctly for Content docShells
chrome docshell shouldn't have a private browser id set; but the xul page has an attribute that we can use to set in the content docshell.
check that chrome docshells never have private browsing mode set.
Addons have chrome docshells have addonids set; but chrome docshells should have default Origin Attributes
|
||
Comment 2•8 years ago
|
||
(In reply to Dave Huseby [:huseby] from comment #1)
> Notes from a recent contextual identities meeting:
>
> Check in docshell - check if private browsing mode flag in Origin
> Attribute is set correctly for Content docShells
Are the existing assertions there insufficient?
> chrome docshell shouldn't have a private browser id set; but the xul
> page has an attribute that we can use to set in the content docshell.
I'm not sure if I understand this one...
> check that chrome docshells never have private browsing mode set.
Again, are the existing assertions for this not sufficient?
> Addons have chrome docshells have addonids set; but chrome docshells
> should have default Origin Attributes
Yeah, although I have a hard time imagining what the exact condition you're interested in is. There's a chance that there are existing assertions covering that.
|
|
Assignee | |
Comment 3•8 years ago
|
||
Ehsan, disregard Comment 1, it's the wrong bug. That was intended for Bug 1309070.
|
||
Updated•8 years ago
|
Whiteboard: [OA] → [OA][domsecurity-backlog]
|
|
Assignee | |
Comment 4•8 years ago
|
||
The plan for this bug has shifted to be one that adds diagnostic asserts to nsDocShell, per the discussion on origin attributes invariants. The notes are here: https://public.etherpad-mozilla.org/p/PrivateBrowsingInvariants
|
|
Assignee | |
Comment 5•8 years ago
|
||
The existing AssertOriginAttributesMatchPrivateBrowsing() is sufficient for asserting this in the docshell. I'm resolving this as won't fix. See bug 1309070 for a couple more places I added calls to the function.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → WONTFIX
|
|
Assignee | |
Comment 6•8 years ago
|
||
whoops, this is for every place else other than docshell.
Status: RESOLVED → REOPENED
Resolution: WONTFIX → ---
|
||
Updated•8 years ago
|
Summary: add assertions that compare the private browsing boolean and the private browsing OriginAttribute → add assertions that compare the private browsing boolean and the private browsing OriginAttribute for places that have not been converted
|
|
Assignee | |
Comment 7•8 years ago
|
||
I went through the entire list in this query:
https://dxr.mozilla.org/mozilla-central/search?q=PrivateBrowsing+ext%3Acpp&redirect=true
and I was only able to find a couple places where we have the old boolean and the new origin attributes available. this patch is a WIP until I can get a clobber build and try push through.
|
|
Assignee | |
Comment 8•8 years ago
|
||
|
|
Assignee | |
Comment 9•8 years ago
|
||
After reviewing all of the PrivateBrowsing instances in the cpp code, these are the only asserts I found to add.
Attachment #8811176 -
Attachment is obsolete: true
Attachment #8811536 -
Flags: review?(ehsan)
|
|
||
Comment 10•8 years ago
|
||
Comment on attachment 8811536 [details] [diff] [review]
Bug_1309067.patch
Review of attachment 8811536 [details] [diff] [review]:
-----------------------------------------------------------------
::: dom/indexedDB/IDBFactory.cpp
@@ +611,5 @@
> + {
> + uint32_t privateBrowsingId = 0;
> + aPrincipal->GetPrivateBrowsingId(&privateBrowsingId);
> + MOZ_DIAGNOSTIC_ASSERT(mPrivateBrowsingMode == (privateBrowsingId > 0));
> + }
This can be written much more simply as:
MOZ_DIAGNOSTIC_ASSERT(mPrivateBrowsingMode == (aPrincipal->GetPrivateBrowsingId() > 0));
Also please remove the nested scope.
Attachment #8811536 -
Flags: review?(ehsan) → review+
|
|
Assignee | |
Comment 11•8 years ago
|
||
Updated patch with review feedback. r+ ehsan
try: https://treeherder.mozilla.org/#/jobs?repo=try&revision=f4e6156c5e41d0cd5b498c5db1302b171b4c8084
Attachment #8811536 -
Attachment is obsolete: true
Attachment #8811886 -
Flags: review+
|
|
Assignee | |
Updated•8 years ago
|
Keywords: checkin-needed
|
||
Comment 12•8 years ago
|
||
Pushed by cbook@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/c21850fc2d08
adding asserts to ensure boolean and OA private browsing values match. r=ehsan
Keywords: checkin-needed
|
||
Comment 13•8 years ago
|
||
| bugherder | ||
Status: REOPENED → RESOLVED
Closed: 8 years ago → 8 years ago
status-firefox53:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla53
|
||
Updated•8 years ago
|
Priority: P3 → P2
|
||
Comment 15•8 years ago
|
||
Is there another bug tracking failed assertions from this bug? (e.g. this crash bp-38dfc043-6b36-4b4e-9998-d26ee2170223)
Flags: needinfo?(huseby)
You need to log in
before you can comment on or make changes to this bug.
Description
•