Closed
Bug 1655716
Opened 4 years ago
Closed 4 years ago
Inappropriate use of nsContentPolicyType::TYPE_OTHER in nsContentPolicyType HTMLLinkElement::AsValueToContentPolicy()
Categories
(Core :: DOM: Security, task, P3)
Core
DOM: Security
Tracking
()
RESOLVED
FIXED
81 Branch
Tracking | Status | |
---|---|---|
firefox81 | --- | fixed |
People
(Reporter: freddy, Assigned: freddy)
References
(Blocks 2 open bugs)
Details
(Whiteboard: [domsecurity-backlog1])
Attachments
(1 file)
The file at https://searchfox.org/mozilla-central/source/dom/html/HTMLLinkElement.cpp#537 is using TYPE_OTHER.
To ensure that all existing security checks are monitoring the right kind of loads, it seems more appropriate to use TYPE_FETCH.
For more information, see the blocking meta bug 1651987
Updated•4 years ago
|
Severity: -- → S4
Priority: -- → P3
Whiteboard: [domsecurity-backlog1]
Assignee | ||
Comment 1•4 years ago
|
||
Updated•4 years ago
|
Assignee: nobody → fbraun
Status: NEW → ASSIGNED
Updated•4 years ago
|
Attachment #9168088 -
Attachment description: Bug 1655716 - Use TYPE_FETCH in HTMLLinkElement::AsValueToContentPolicy() - r?emilio → Bug 1655716 - Introduce TYPE_INTERNAL_FETCH_PRELOAD and use in HTMLLinkElement::AsValueToContentPolicy() - r?emilio
Pushed by fbraun@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/e5816310d689 Introduce TYPE_INTERNAL_FETCH_PRELOAD and use in HTMLLinkElement::AsValueToContentPolicy() - r=emilio,mayhemer,ckerschb
Comment 4•4 years ago
|
||
bugherder |
Status: ASSIGNED → RESOLVED
Closed: 4 years ago
status-firefox81:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 81 Branch
You need to log in
before you can comment on or make changes to this bug.
Description
•