Closed Bug 1363612 Opened 8 years ago Closed 8 years ago

Use a separate HTML instead of using inline data: URI

Categories

(Core :: DOM: Security, enhancement, P2)

Product:
Core
Component:
DOM: Security
Type:
enhancement

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla55
Tracking Flags:
Tracking Status
firefox55 --- fixed

People

(Reporter: allstars.chh, Assigned: allstars.chh)

References

Details

(Whiteboard: [domsecurity-active])

Attachments

(3 files, 1 obsolete file)

Part 1: move to seperate files
37.75 KB, patch
smaug
: review+
Details | Diff | Splinter Review
Part 2: move files for bug 677495
3.34 KB, patch
smaug
: review+
Details | Diff | Splinter Review
Part 3: fix for moz-binding: url
5.89 KB, patch
smaug
: review+
Details | Diff | Splinter Review
For following tests they either use window.location or window.open some data: URI, however this will fail once we turn off security.data_uri.inherit_security_contex dom/base/test/test_bug426646.html dom/tests/mochitest/dom-level0/test_location_setters.html dom/broadcastchannel/tests/test_bfcache.html dom/tests/mochitest/bugs/test_bug369306.html dom/tests/mochitest/bugs/test_bug622361.html dom/tests/mochitest/bugs/test_sizetocontent_clamp.html dom/xbl/test/test_bug310107.html dom/xml/test/test_bug691215.html I'll make them use a seperate file in this bug.
Priority: -- → P2
Status: NEW → ASSIGNED
Comment on attachment 8867072 [details] [diff] [review] Part 1: move to seperate files > function checkForLoad(win) { > if (!win.document.documentElement || >- win.document.documentElement.textContent != "Loaded") { >+ win.document.documentElement.innerText != "Loaded") { oh, is this because we get some more white spaces.
Attachment #8867072 - Flags: review?(bugs) → review+
Attachment #8867073 - Flags: review?(bugs) → review+
(In reply to Olli Pettay [:smaug] from comment #6) > Comment on attachment 8867072 [details] [diff] [review] > Part 1: move to seperate files > > > function checkForLoad(win) { > > if (!win.document.documentElement || > >- win.document.documentElement.textContent != "Loaded") { > >+ win.document.documentElement.innerText != "Loaded") { > oh, is this because we get some more white spaces. Yes, "\n" more precisely.
Attachment #8867075 - Flags: review?(bugs) → review+
Comment on attachment 8867082 [details] [diff] [review] Part 4: revise test_bug518104_html I don't understand this. Should loading script from data: work just fine. Is there some issue with document.write here? Please explain and ask review again or fix something. Please test also how other browsers work.
Attachment #8867082 - Flags: review?(bugs) → review-
(In reply to Olli Pettay [:smaug] from comment #8) > Please explain and ask review again or fix something. > Please test also how other browsers work. Smaug, you're right. I'll fix this. Originally I filed bug 1363629 to fix that test, later I thought it's the same problem with this bug so I duplicated it, now since it is a different problem, I'll reopen it, and post the fix there. Thanks
Attachment #8867082 - Attachment is obsolete: true
Summary: Use a seperate HTML instead of using inline data: URI → Use a separate HTML instead of using inline data: URI
https://hg.mozilla.org/mozilla-central/rev/a0e3dc83b335 https://hg.mozilla.org/mozilla-central/rev/adc78c679f03 https://hg.mozilla.org/mozilla-central/rev/22522049bc80
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
status-firefox55: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla55
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: