Disallow loading http(s) scripts into system privileged contexts
Categories
(Core :: DOM: Security, enhancement, P1)
Tracking
()
Tracking | Status | |
---|---|---|
firefox74 | --- | fixed |
People
(Reporter: ckerschb, Assigned: ckerschb)
References
(Blocks 1 open bug)
Details
(Whiteboard: [domsecurity-active])
Attachments
(1 file)
We stopped loading remote documents/frames into system privileged contexts within Bug 1513445. I think we should enforce the same restrictions for scripts.
Assignee | ||
Comment 1•5 years ago
|
||
Assignee | ||
Updated•5 years ago
|
Assignee | ||
Updated•5 years ago
|
Comment 3•5 years ago
|
||
Backed out for assertion failures on nsContentSecurityManager.cpp
Backout link: https://hg.mozilla.org/integration/autoland/rev/ffe0bfc6e195cbcc2bf46aece0a53ba65b23e3b6
Log link: https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=284891245&repo=autoland&lineNumber=22087
Assignee | ||
Comment 4•5 years ago
|
||
Backout link: https://hg.mozilla.org/integration/autoland/rev/ffe0bfc6e195cbcc2bf46aece0a53ba65b23e3b6
Log link: https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=284891245&repo=autoland&lineNumber=22087
Hah, seems we are loading remote scripts in system land - I'll take a look again - thanks!
Comment 6•5 years ago
|
||
Backed out for mochitest failures on test_input.html
Backout link: https://hg.mozilla.org/integration/autoland/rev/baba8b317e929f783d0675a90a448f77ef09274e
Log link: https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=285354421&repo=autoland&lineNumber=45229
Comment 9•5 years ago
|
||
bugherder |
Description
•