data:font same-origin-check test case is not written correctly

RESOLVED FIXED in Firefox 57

Status

()

Core
DOM: Security
P2
normal
RESOLVED FIXED
10 months ago
10 months ago

People

(Reporter: hchang, Assigned: hchang)

Tracking

(Blocks: 1 bug)

unspecified
mozilla57
Points:
---
Bug Flags:
in-testsuite +

Firefox Tracking Flags

(firefox57 fixed)

Details

(Whiteboard: [domsecurity-active])

MozReview Requests

()

Submitter Diff Changes Open Issues Last Updated
Loading...
Error loading review requests:

Attachments

(1 attachment)

(Assignee)

Description

10 months ago
Current data:font same-origin check relies on accessing document.fonts.size [1] but I don't see any restriction on that. See my test page below:

http://elefant.github.io/data-uri/font.html

The correct way to test it should be something like cross-domain @font-face in css.

[1] http://searchfox.org/mozilla-central/rev/0f16d437cce97733c6678d29982a6bcad49f817b/dom/base/test/test_data_uri.html#88
(Assignee)

Updated

10 months ago
Assignee: nobody → hchang
(Assignee)

Updated

10 months ago
Blocks: 1365145
(Assignee)

Updated

10 months ago
Status: NEW → ASSIGNED
(Assignee)

Updated

10 months ago
Summary: data:font same origin check is not done correctly → data:font same-origin-check test case is not written correctly

Updated

10 months ago
Priority: -- → P2
Whiteboard: [domsecurity-active]
Comment hidden (mozreview-request)
Comment hidden (mozreview-request)
(Assignee)

Updated

10 months ago
Attachment #8895279 - Flags: review?(ckerschb)

Comment 4

10 months ago
mozreview-review
Comment on attachment 8895279 [details]
Bug 1388606 - Test case for ensuring data:font is treated same-origin.

https://reviewboard.mozilla.org/r/166466/#review171618

looks good to me, thanks. r=ckerschb
Attachment #8895279 - Flags: review?(ckerschb) → review+

Comment 5

10 months ago
Pushed by hchang@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/5bf5f9a8b4a7
Test case for ensuring data:font is treated same-origin. r=ckerschb

Comment 6

10 months ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/5bf5f9a8b4a7
Status: ASSIGNED → RESOLVED
Last Resolved: 10 months ago
status-firefox57: --- → fixed
Flags: in-testsuite+
Resolution: --- → FIXED
Target Milestone: --- → mozilla57
(Assignee)

Updated

10 months ago
See Also: → bug 1381744
You need to log in before you can comment on or make changes to this bug.