Closed Bug 1655714 Opened 5 years ago Closed 5 years ago

Inappropriate use of nsContentPolicyType::TYPE_OTHER in nsMessageManagerScriptExecutor::TryCacheLoadAndCompileScript( )

Tracking

()

Status:

RESOLVED FIXED

Milestone:

81 Branch

Tracking Flags:

Tracking

Status

firefox81

---

fixed

People

(Reporter: freddy, Assigned: freddy)

References

(Blocks 1 open bug)

Details

Attachments

(1 file)

Bug 1655714 - Add TYPE_INTERNAL_FRAME_MESSAGEMANAGER_SCRIPT and use in TryCacheLoadAndCompileScript(), r?kmag 5 years ago Frederik Braun [:freddy] 47 bytes, text/x-phabricator-request		Details \| Review

Frederik Braun [:freddy]

Assignee

Description

•

5 years ago

The file at https://searchfox.org/mozilla-central/source/dom/base/nsFrameMessageManager.cpp#1209 is using TYPE_OTHER for loading scripts.

To ensure that all existing security checks are monitoring the right kind of loads, it seems more appropriate to use TYPE_SCRIPT.

For more information, see the blocking meta bug 1651987

Hsin-Yi Tsai (she/her) [:hsinyi]

Updated

•

5 years ago

Severity: -- → S3

Frederik Braun [:freddy]

Assignee

Comment 1

•

5 years ago

Attached file Bug 1655714 - Add TYPE_INTERNAL_FRAME_MESSAGEMANAGER_SCRIPT and use in TryCacheLoadAndCompileScript(), r?kmag — Details

Phabricator Automation

Updated

•

5 years ago

Assignee: nobody → fbraun

Status: NEW → ASSIGNED

Frederik Braun [:freddy]

Assignee

Comment 2

•

5 years ago

let's see if this passes https://treeherder.mozilla.org/#/jobs?repo=try&revision=e17a0b1dd8b10485bd4e45d1a10127bfc7342d73

Frederik Braun [:freddy]

Assignee

Comment 3

•

5 years ago

This is all green on try.
@ckerschb: kmag wondered if we should add a new type. Dunno if they are cheap / for free. We can land as-is or add a new nsicontentpolicytype. Do you have a preference?

Flags: needinfo?(ckerschb)

Christoph Kerschbaumer [:ckerschb}

Comment 4

•

5 years ago

(In reply to Frederik Braun [:freddy] from comment #3)

This is all green on try.
@ckerschb: kmag wondered if we should add a new type. Dunno if they are cheap / for free. We can land as-is or add a new nsicontentpolicytype. Do you have a preference?

Replied on Phab: https://phabricator.services.mozilla.com/D85977#2682456

Flags: needinfo?(ckerschb)

Phabricator Automation

Updated

•

5 years ago

Attachment #9168084 - Attachment description: Bug 1655714 - Use TYPE_SCRIPT in TryCacheLoadAndCompileScript(), r?kmag → Bug 1655714 - Use TYPE_INTERNAL_FRAME_MESSAGEMANAGER_SCRIPT in TryCacheLoadAndCompileScript(), r?kmag

Phabricator Automation

Updated

•

5 years ago

Attachment #9168084 - Attachment description: Bug 1655714 - Use TYPE_INTERNAL_FRAME_MESSAGEMANAGER_SCRIPT in TryCacheLoadAndCompileScript(), r?kmag → Bug 1655714 - Add TYPE_INTERNAL_FRAME_MESSAGEMANAGER_SCRIPT and use in TryCacheLoadAndCompileScript(), r?kmag

Pulsebot

Comment 5

•

5 years ago

Pushed by fbraun@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/12683a4cbe49 Add TYPE_INTERNAL_FRAME_MESSAGEMANAGER_SCRIPT and use in TryCacheLoadAndCompileScript(), r=kmag

Andreea Pavel [:apavel]

Comment 6

•

5 years ago

bugherder

https://hg.mozilla.org/mozilla-central/rev/12683a4cbe49

Status: ASSIGNED → RESOLVED

Closed: 5 years ago

status-firefox81: --- → fixed

Resolution: --- → FIXED

Target Milestone: --- → 81 Branch

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Inappropriate use of nsContentPolicyType::TYPE_OTHER in nsMessageManagerScriptExecutor::TryCacheLoadAndCompileScript( )

Categories

(Core :: DOM: Core & HTML, task)

Tracking

()

People

(Reporter: freddy, Assigned: freddy)

References

(Blocks 1 open bug)

Details

Crash Data

Security

(public)

User Story

Attachments

(1 file)

Description

Updated

Comment 1

Updated

Comment 2

Comment 3

Comment 4

Updated

Updated

Comment 5

Comment 6

Attachment

General

Description

File Name

Content Type