Open
Bug 1467945
Opened 6 years ago
Updated 2 years ago
Improve correctness of opening web links in DevTools
Categories
(DevTools :: General, enhancement, P2)
DevTools
General
Tracking
(Not tracked)
NEW
People
(Reporter: jryans, Unassigned)
References
Details
To open links that come from arbitrary content in a new tab (such as stylesheets and scripts), we use the utility function `openWebLinkIn`[1] or our wrapper function `openWebLink`[2]. In many cases, we can use these functions without supplying a triggering principal (which will safely default to the null principal). However, there are cases (such as documents loaded via file://) where this will block the load. We can improve correctness by supplying the principal from the document that referenced the link. However, DevTools doesn't currently receive principal from the server, and simply trusting the value from the server could be vector for abuse, so we'll need to consider how to this carefully. (Until we have a real solution here, we can grab the content principal from a tab if we are doing local debugging, but that's a hack.) [1]: https://searchfox.org/mozilla-central/rev/edbf2c009992315d85eeb885e1b8edbbd43c84b7/browser/base/content/utilityOverlay.js#211 [2]: https://searchfox.org/mozilla-central/rev/edbf2c009992315d85eeb885e1b8edbbd43c84b7/devtools/client/shared/link.js#25
Updated•6 years ago
|
Product: Firefox → DevTools
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•