Disallow http(s) resources to be loaded into system privileged documents
Categories
(Core :: DOM: Security, enhancement, P2)
Tracking
Version | Tracking | Status |
---|---|---|
firefox68 | --- | fixed |
People
(Reporter: freddy, Assigned: freddy)
References
(Depends on 2 open bugs, Regressed 1 open bug)
Details
(Whiteboard: [domsecurity-active])
Attachments
(2 files, 3 obsolete files)
We should not allow top-level documents or subdocuments loaded with the SystemPrincipal to live on the web.
Comment 1 (Assignee) • 5 years ago
Green on try: https://treeherder.mozilla.org/#/jobs?repo=try&revision=9556f6d4f279044d31b054390a81c7fbdb94ff17
Comment 2 (Assignee) • 5 years ago
Bug 1513445 - Disallow web documents loaded with the SystemPrincipal
Comment 3 (Assignee) • 5 years ago
New try run. Still green: https://treeherder.mozilla.org/#/jobs?repo=try&revision=d18b8148c2cd78532bbb5941bb88defee87fe53e
Comment 4 (Assignee) • 5 years ago
Pushed to try with the "!xpc::IsInAutomation()" case commented out - otherwise the new codepath is never executed. https://treeherder.mozilla.org/#/jobs?repo=try&revision=0937c0a71b0fa9c3c8d7a712dda1887c1f4cb74b
Comment 5 • 5 years ago
Assigning to you Freddy since you already are working on a patch...
Comment 6 • 5 years ago
Sorry, I meant to assign this one to you Freddy, not to myself (see comment 5 :-) ).
Comment 8 (Assignee) • 5 years ago
Depends on D19350
Pushed by apavel@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/568de07e5c40
Disallow web documents loaded with the SystemPrincipal r=ckerschb
https://hg.mozilla.org/integration/autoland/rev/499f5b4d205d
add tests r=ckerschb
Comment 10 • 5 years ago
Backed out 2 changesets (bug 1513445) for causing xpc perma fails
push that caused the backout: https://treeherder.mozilla.org/#/jobs?repo=autoland&resultStatus=testfailed%2Cbusted%2Cexception&classifiedState=unclassified&selectedJob=238954089&revision=499f5b4d205d601f41f772e7eff3c52d3927e23e
backout: https://hg.mozilla.org/integration/autoland/rev/8fcb2ad64899854db6b7a4b27b8c7f518e95e528
Comment 12 (Assignee) • 5 years ago
Depends on D26680
Comment 13 (Assignee) • 5 years ago
Ah, thanks for the backout. Turns out that xpcshell tests do not necessarily have a profile.
New revision should be OK; it checks whether non-local connections are disabled.
Comment 14 (Assignee) • 5 years ago
Newest revision green on try: https://treeherder.mozilla.org/#/jobs?repo=try&revision=4f40e4945deae99256b74e2ac1f12457a7c9e1d3&selectedJob=239054293
Comment 15 • 5 years ago
Pushed by opoprus@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/18f074af5d93
Disallow web documents loaded with the SystemPrincipal r=ckerschb
https://hg.mozilla.org/integration/autoland/rev/59c870edc677
add tests r=ckerschb
Comment 16 • 5 years ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/18f074af5d93
https://hg.mozilla.org/mozilla-central/rev/59c870edc677