Closed Bug 1355996 Opened 4 years ago Closed 4 years ago
Inspector uses unsafe CPOWs to find CSS selector for node to select
We disabled unsafe CPOWs in Firefox code a while ago. However, it looks like devtools code is being counted as an add-on because of bug 1355994. I did a try push to see where unsafe CPOWs are actually being used in devtools, and I only see one place. In nsContextMenu.js, we pass this.target, which is a CPOW, to inspectNode: http://searchfox.org/mozilla-central/rev/624d25b2980cf5f83452b040e6d664460f9b7ec5/browser/base/content/nsContextMenu.js#575 That then calls findCssSelector on the node: http://searchfox.org/mozilla-central/rev/2fc8c8d483d9ec9fd0ec319c6c53807f7fa8e8a2/devtools/client/framework/devtools-browser.js#305 An easy fix for this in the short term would be to store the selector when the context menu is generated. During that time, the CPOW would be considered "safe". A better fix would be to generate the selector in a content script (somewhere around ) and send it to the parent.  http://searchfox.org/mozilla-central/rev/2fc8c8d483d9ec9fd0ec319c6c53807f7fa8e8a2/browser/base/content/content.js#190
We've been planning on including the CSS selector for context menu events for the sake of WebExtensions, anyway, so we should probably just do that and be done with it.
DevTools bug triage (filter on CLIMBING SHOES).
Priority: -- → P3
I currently have a patch for Bug 1356415 that also fixes this issue. Taking the bug in the meantime.
Assignee: nobody → jdescottes
Status: NEW → ASSIGNED
It looks like bug 1356415 fixed that.
Thank, forgot to follow up. Closing as duplicate.
Status: ASSIGNED → RESOLVED
Closed: 4 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1356415
You need to log in before you can comment on or make changes to this bug.