Closed Bug 1317813 Opened 9 years ago Closed 9 years ago

Remove the remaining security checks in windowutils

Categories

(Core :: DOM: Core & HTML, defect)

Product:
Core
Component:
DOM: Core & HTML
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla53
Tracking Flags:
Tracking Status
firefox53 --- fixed

People

(Reporter: bzbarsky, Assigned: bzbarsky)

References

(Blocks 1 open bug)

Details

Attachments

(1 file, 1 obsolete file)

Remove the remaining security checks in windowutils, since untrusted script should never have its hands on this object
3.19 KB, patch
ehsan.akhgari
: review+
Details | Diff | Splinter Review
We removed most of them in bug 1018482 because we nixed its classinfo in 1017820. At the time we left these checks in because presumably there were C++ callers calling these methods or something? In any case, there are no such C++ callers anymore, and windowutils still has no classinfo so any JS caller will be system-principal. So we can remove these checks.
Attachment #8811035 - Attachment is obsolete: true
Attachment #8811035 - Flags: review?(ehsan)
Attachment #8811421 - Flags: review?(ehsan) → review+
Pushed by bzbarsky@mozilla.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/d26f1371c83c Remove the remaining security checks in windowutils, since untrusted script should never have its hands on this object. r=ehsan
https://hg.mozilla.org/mozilla-central/rev/d26f1371c83c
Status: NEW → RESOLVED
Closed: 9 years ago
status-firefox53: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla53
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: