Open Bug 1359358 Opened 7 years ago Updated 2 years ago

Investigate triggeringPrincipal for loadURI() within nsDSURIContentListener.cpp

Categories

(Core :: DOM: Security, enhancement, P3)

enhancement

Tracking

()

People

(Reporter: ckerschb, Unassigned)

References

Details

(Whiteboard: [domsecurity-backlog1])

We should double check if we should use the systemPrincipal as the fallback principal in case there is no loadInfo, or if we should create a NullPrincipal. Please check for originattributes and test test_browserElement_inproc_XFrameOptionsAllowFrom.html which used to fail in case we use a nullPrincipal with the wrong origin attributes.
Blocks: 1359092
Priority: -- → P3
Whiteboard: [domsecurity-backlog1]
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.