Open
Bug 1456486
Opened 7 years ago
Updated 2 years ago
Check the return value of ThirdPartyUtil::IsThirdParty*
Categories
(Core :: DOM: Security, enhancement, P2)
Core
DOM: Security
Tracking
()
ASSIGNED
People
(Reporter: francois, Assigned: dimi)
References
(Blocks 1 open bug)
Details
(Whiteboard: tp-leak [domsecurity-backlog2])
The channel classifier uses ThirdPartyUtil but doesn't check the return value:
https://searchfox.org/mozilla-central/rev/8f06c1b9a080b84435a2906e420fe102e1ed780b/netwerk/base/nsChannelClassifier.cpp#356-368
This potentially feeds bogus values into the rest of its checks.
We should check the return value in that function, as well as for all other callers of IsThirdPartyURI() and IsThirdPartyChannel().
Once all callers are doing the right thing, we should use the template/macro that enforces the use of the return value.
|
||
Updated•7 years ago
|
Assignee: nobody → francois
Status: NEW → ASSIGNED
Priority: -- → P2
Whiteboard: tp-leak → tp-leak, [domsecurity-active]
|
Reporter | |
Updated•6 years ago
|
Assignee: francois → nobody
Status: ASSIGNED → NEW
|
|
Reporter | |
Updated•6 years ago
|
Whiteboard: tp-leak, [domsecurity-active] → tp-leak
|
||
Updated•6 years ago
|
Priority: P2 → P3
Whiteboard: tp-leak → tp-leak [domsecurity-backlog2]
|
|
||
Comment 1•6 years ago
|
||
Hey Francois, you sure we shouldn't do that? We could have someone else look into it in case you are busy with other things. What do you think?
Flags: needinfo?(francois)
|
|
Reporter | |
Comment 2•6 years ago
|
||
I do think we should do it. In fact, it's part of the anti-tracking plan, though it's not in a high-priority phase.
I'd say P2 is a good priority. I'm hoping Dimi can pick it up at some point (maybe Q4).
Flags: needinfo?(francois)
|
Assignee | |
Updated•6 years ago
|
Assignee: nobody → dlee
Status: NEW → ASSIGNED
Priority: P3 → P2
|
||
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•