Closed Bug 1400139 Opened 7 years ago Closed 7 years ago

Add telemetry for how often window.content is used from untrusted code

Categories

(Core :: DOM: Core & HTML, enhancement, P2)

Product:
Core
Component:
DOM: Core & HTML
Version:
53 Branch
Type:
enhancement

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla57
Tracking Flags:
Tracking Status
firefox57 --- fixed

People

(Reporter: bzbarsky, Assigned: bzbarsky)

References

Details

Attachments

(3 files)

part 1. Add infrastructure for marking WebIDL interface members as non-enumerable
12.74 KB, patch
qdot
: review+
Details | Diff | Splinter Review
part 2. Make window.content non-enumerable
2.89 KB, patch
nika
: review+
Details | Diff | Splinter Review
part 3. Add a use counter when the window.content getter is called from untrusted code
3.77 KB, patch
nika
: review+
Details | Diff | Splinter Review 
Specifically, the plan is to do the following:

1) Make the property non-enumerable (needs some codegen changes).
2) Add a counter for how often the window resolve hook is run for a property named
   "content".  This will also trap sets of "content" and "var content", so might
   not turn out to be useful unless it's very very low; it's basically an upper 
   bound on "content" usage.
3) Add a counter for how often the getter is called from untrusted code.
Blocks: 1400140
Since we need this for removing it (bug 1400140), I guess P2 is appropriate.
Priority: -- → P2
Actually, I don't think #2 is at all useful, because we would trigger that resolve hook when setting up the window object itself...  I'm going to do the other pieces, though.

I did try to poke at GitHub searching for "content in window" (yes, I checked that it finds other detection code using a similar search, e.g. "scrollX in window"), and don't obviously see anyone using it for sniffing.
MozReview-Commit-ID: 9F0ZNverS63
Attachment #8908946 - Flags: review?(kyle)
Assignee: nobody → bzbarsky
Status: NEW → ASSIGNED
MozReview-Commit-ID: LQkEkdG8wKf
Attachment #8908947 - Flags: review?(michael)
MozReview-Commit-ID: LFMK7lxs46Z
Attachment #8908949 - Flags: review?(michael)
Attachment #8908946 - Flags: review?(kyle) → review+
Attachment #8908947 - Flags: review?(michael) → review+
Comment on attachment 8908949 [details] [diff] [review]
part 3.  Add a use counter when the window.content getter is called from untrusted code

Review of attachment 8908949 [details] [diff] [review]:
-----------------------------------------------------------------

This patch adds a warning and, as far as I can tell, no usage counter, so the commit message is a bit confusing :-/
Attachment #8908949 - Flags: review?(michael)
Comment on attachment 8908949 [details] [diff] [review]
part 3.  Add a use counter when the window.content getter is called from untrusted code

> This patch adds a warning and, as far as I can tell, no usage counter

Everything in nsDeprecatedOperationList.h automatically gets a usage counter.  See http://searchfox.org/mozilla-central/rev/6769c4c331c85870ac3e7bf61968db98c16e4777/dom/base/UseCounter.h#29-32 and http://searchfox.org/mozilla-central/rev/6769c4c331c85870ac3e7bf61968db98c16e4777/dom/base/nsDocument.cpp#10543-10546 and so forth.
Attachment #8908949 - Flags: review?(michael)
Attachment #8908949 - Flags: review?(michael) → review+
Pushed by bzbarsky@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/6ecbba14b2f3
part 1.  Add infrastructure for marking WebIDL interface members as non-enumerable.  r=qdot
https://hg.mozilla.org/integration/mozilla-inbound/rev/5bc10c68bbf7
part 2.  Make window.content non-enumerable.  r=mystor
https://hg.mozilla.org/integration/mozilla-inbound/rev/df23db5d453e
part 3.  Add a use counter when the window.content getter is called from untrusted code.  r=mystor
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: