Inappropriate use of nsContentPolicyType::TYPE_OTHER in nsMessageManagerScriptExecutor::TryCacheLoadAndCompileScript( )
Categories
(Core :: DOM: Core & HTML, task)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox81 | --- | fixed |
People
(Reporter: freddy, Assigned: freddy)
References
(Blocks 1 open bug)
Details
Attachments
(1 file)
The file at https://searchfox.org/mozilla-central/source/dom/base/nsFrameMessageManager.cpp#1209 is using TYPE_OTHER for loading scripts.
To ensure that all existing security checks are monitoring the right kind of loads, it seems more appropriate to use TYPE_SCRIPT.
For more information, see the blocking meta bug 1651987
|
||
Updated•4 years ago
|
|
Assignee | |
Comment 1•4 years ago
|
||
|
||
Updated•4 years ago
|
|
|
Assignee | |
Comment 2•4 years ago
|
||
let's see if this passes https://treeherder.mozilla.org/#/jobs?repo=try&revision=e17a0b1dd8b10485bd4e45d1a10127bfc7342d73
|
|
Assignee | |
Comment 3•4 years ago
|
||
This is all green on try.
@ckerschb: kmag wondered if we should add a new type. Dunno if they are cheap / for free. We can land as-is or add a new nsicontentpolicytype. Do you have a preference?
|
||
Comment 4•4 years ago
|
||
(In reply to Frederik Braun [:freddy] from comment #3)
This is all green on try.
@ckerschb: kmag wondered if we should add a new type. Dunno if they are cheap / for free. We can land as-is or add a new nsicontentpolicytype. Do you have a preference?
Replied on Phab: https://phabricator.services.mozilla.com/D85977#2682456
|
|
||
Updated•4 years ago
|
|
|
||
Updated•4 years ago
|
Pushed by fbraun@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/12683a4cbe49 Add TYPE_INTERNAL_FRAME_MESSAGEMANAGER_SCRIPT and use in TryCacheLoadAndCompileScript(), r=kmag
|
||
Comment 6•4 years ago
|
||
| bugherder | ||
Description
•