Closed
Bug 1517301
Opened 5 years ago
Closed 5 years ago
A CSP error shouldn't be triggered for form-action if the submission has been canceled by JS
Categories (Core :: DOM: Security, defect)
Tracking: RESOLVED FIXED, mozilla66

| | Tracking | Status |
|---|---|---|
| firefox66 | --- | fixed |

People (Reporter: julienw, Assigned: jkt)
Attachments (2 files)
STR:
1. Load the attached file.
2. Press the button.

=> Notice there's an error in the console despite the fact that `preventDefault` is called in the JS handler for the "submit" event. Note that this doesn't happen in Chrome.
Comment 1 • 5 years ago (Reporter)
(Note: Bugzilla adds its own CSP header, so the results are a bit different when loaded from Bugzilla's domain, but the error is still displayed.)
Comment 2 • 5 years ago
We may be checking this twice (when nsHTMLFormElement::GetActionURL is called) in which case this is just an annoying extra error. But it's possible we're checking too early which might give the JS event a chance to change the form-action from a valid destination to a CSP-bypassing one.
Comment 3 • 5 years ago
jkt to test to make sure there's no CSP bypass. If not, this could be P3; if there is, we should mark this as a security bug and make it a P2.
Flags: needinfo?(jkt)
Comment 4 • 5 years ago (Assignee)
I wasn't able to make a CSP bypass whilst the event handler fires so it seems that we are double checking the URL when perhaps we shouldn't need to be. Maybe I should add a check for this to my patch though.
Assignee: nobody → jkt
Flags: needinfo?(jkt)
Comment 5 • 5 years ago (Assignee)
Pushed by jkingston@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/45bb6ff923e9
Move CSP check for form-action to be within HTMLFormSubmission to prevent checking before the form should be submitted. r=ckerschb,smaug
Created web-platform-tests PR https://github.com/web-platform-tests/wpt/pull/14779 for changes under testing/web-platform/tests
Comment 8 • 5 years ago
bugherder
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla66
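
The ordering question discussed in this bug (check before the "submit" event versus check at the point of submission), as a small runnable model. This is an added example, not Gecko code and not the attachment from this bug. `submitForm`, the `checkPoint` values, the origin-only matching and the `*.example` URLs are assumptions, and the "before-event" mode on its own is a hypothetical ordering: Comment 4 reports that no bypass was found in Firefox.

```javascript
// Simplified model, not Gecko code: all names here are illustrative assumptions.
// form-action matching is reduced to an allow-list of origins.
function allowedByFormAction(policy, url) {
  return policy.includes(new URL(url).origin);
}

// checkPoint "before-event":  check the action before "submit" is dispatched.
// checkPoint "at-submission": check only once the submission actually proceeds.
function submitForm(form, policy, checkPoint) {
  const result = { navigatedTo: null, violations: [] };
  const check = () => {
    const ok = allowedByFormAction(policy, form.action);
    if (!ok) result.violations.push(form.action); // console error / CSP report
    return ok;
  };
  let blocked = false;
  if (checkPoint === "before-event") blocked = !check();

  // Dispatch "submit": handlers may cancel the event or mutate the form.
  const event = { defaultPrevented: false, preventDefault() { this.defaultPrevented = true; } };
  for (const handler of form.handlers) handler(event, form);
  if (event.defaultPrevented) return result; // canceled: nothing is sent

  if (checkPoint === "at-submission") blocked = !check();
  if (!blocked) result.navigatedTo = form.action;
  return result;
}

// Constructed sample data.
const POLICY = ["https://app.example"];
const cancel = (event) => event.preventDefault();
const retarget = (_event, form) => { form.action = "https://other.example/submit"; };

// Constructed version of the reported case: disallowed action, handler cancels.
function canceledSubmission(checkPoint) {
  const form = { action: "https://other.example/submit", handlers: [cancel] };
  return submitForm(form, POLICY, checkPoint);
}

// Case raised in Comment 2: allowed action that a handler rewrites.
function retargetedSubmission(checkPoint) {
  const form = { action: "https://app.example/save", handlers: [retarget] };
  return submitForm(form, POLICY, checkPoint);
}

for (const mode of ["before-event", "at-submission"]) {
  console.log(mode, canceledSubmission(mode), retargetedSubmission(mode));
}
```

Checking at submission removes the spurious report for the canceled form and evaluates the action URL the handlers left in place.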