Bug 166650
Opened 22 years ago
Closed 21 years ago
SetHTMLAttribute needs security checks like SetAttribute
Categories
(Core :: Layout: Form Controls, defect, P2)
Tracking
RESOLVED
FIXED
mozilla1.4alpha
People
(Reporter: john, Assigned: peterv)
Details
(Whiteboard: [sg:invalid?])
From the forms security review. There is no known exploit for this, but
SetHTMLAttribute does not do the same SetValue security checks as SetAttribute.
We should probably do the same thing there to protect against things.
Discussion needed; is this worth it?
Updated•22 years ago
Group: security?
Comment 1•22 years ago
SetHTMLAttribute() is not callable from script w/o going through SetAttribute(),
so I don't see us needing to duplicate the security check in SetHTMLAttribute()...
If there is no issue here, please close the bug.
Whiteboard: [sg:invalid?]
Comment 3•22 years ago
Let's put a comment in the code to make sure this never becomes a problem. Then
we'll mark this fixed. John, can you add the warning?
Comment 4•22 years ago
peterv, can you please add a comment in this code?
Assignee: jkeiser → peterv
Group: security?
Updated•22 years ago
Status: NEW → ASSIGNED
Priority: -- → P2
Target Milestone: --- → mozilla1.3beta
Comment 5•22 years ago
Sure, so where exactly is the security check in SetAttribute that I should be
referring to?
OS: Windows XP → All
Hardware: PC → All
Target Milestone: mozilla1.3beta → mozilla1.4alpha
iirc this was about setting the value-attribute on an <input type=file>
Depends on: 232016
Fixed with the checkin of bug 232016 since the function doesn't exist any more,
and thus all callers of it now pass through the existing security mechanisms.
Status: ASSIGNED → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED