Closed Bug 1566452 Opened 6 years ago Closed 6 years ago

HTMLFormSubmission needs to pass CSP to OnLinkClickSync

Categories

(Core :: DOM: Security, defect)

Product:
Core
Component:
DOM: Security
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: ckerschb, Assigned: beriksson)

References

Details

(Whiteboard: [domsecurity-active])

The code within HTMLFormSubmission [1] needs to pass the CSP so navigate-to can query it within the docshell.

[1] https://searchfox.org/mozilla-central/source/dom/html/HTMLFormElement.cpp#703

Status: ASSIGNED → RESOLVED
Closed: 6 years ago
Resolution: --- → INVALID

There is a fallback in OnLinkClickSync [1] which sets the CSP if it was not passed explicitly.

[1] https://searchfox.org/mozilla-central/source/docshell/base/nsDocShell.cpp#12837

You need to log in before you can comment on or make changes to this bug.