Make nsHTMLContentSerializer handle noscript depending on the scripting enabled state of the document.
Categories
(Core :: DOM: Serializers, defect, P3)
Tracking
()
People
(Reporter: hsivonen, Assigned: hsivonen)
References
Details
(Keywords: sec-moderate, Whiteboard: [secdom:patch][post-critsmash-triage][adv-main109-][adv-esr102.7-])
Attachments
(1 file)
48 bytes,
text/x-phabricator-request
|
RyanVM
:
approval-mozilla-beta+
RyanVM
:
approval-mozilla-esr102+
|
Details | Review |
See bug 1683627: Make nsHTMLContentSerializer
handle noscript
depending on the scripting enabled state of the document.
Updated•3 years ago
|
Updated•3 years ago
|
Updated•3 years ago
|
Comment 1•3 years ago
|
||
Is this a security bug also, or just hidden because bug 1683627 currently is hidden?
Assignee | ||
Comment 2•3 years ago
|
||
(In reply to Daniel Veditz [:dveditz] from comment #1)
Is this a security bug also, or just hidden because bug 1683627 currently is hidden?
This was originally hidden because bug 1683627 is currently hidden, but now I think this has security bug potential in the Save As… case (to the extent opening Saved As pages isn't considered an open-ended security problem in general) and possibly even in the copy-paste case. Per spec, it seems that <iframe sandbox>
should be a way to materialize a renderable scripting-disabled doc that one could copy to clipboard from, but I didn't test it just now.
Updated•3 years ago
|
Assignee | ||
Updated•3 years ago
|
Comment 3•3 years ago
|
||
Henri, could you try and see if this is actually an issue? Thanks.
Assignee | ||
Comment 4•3 years ago
|
||
Assignee | ||
Comment 5•3 years ago
|
||
(In reply to Andrew McCreight [:mccr8] from comment #3)
Henri, could you try and see if this is actually an issue? Thanks.
It seems easier to fix this than to prove whether it needs fixing.
Assignee | ||
Comment 6•3 years ago
|
||
Updated•3 years ago
|
Comment 7•3 years ago
|
||
Mirko, did you mean to mark the patch as needs revision? Thanks.
Well, the review contains open questions, the patch itself might be OK. Henri: can you please have a look at the open questions?
Comment 9•2 years ago
|
||
Any updates here? It looks like this bug stalled out about 8 months ago. Thanks.
Updated•2 years ago
|
Comment 10•1 year ago
|
||
The following patch is waiting for review from an inactive reviewer:
ID | Title | Author | Reviewer Status |
---|---|---|---|
D124892 | Bug 1687303 - Make nsHTMLContentSerializer handle noscript depending on the scripting enabled state of the document. | hsivonen | mbrodesser: Disabled |
:hsivonen, could you please find another reviewer or abandon the patch if it is no longer relevant?
For more information, please visit auto_nag documentation.
Comment 11•1 year ago
|
||
Edgar, can you find a new reviewer and help make sure the existing review feedback gets prioritized? It looks like the patch is almost ready and it would be nice to get our number of security bugs down.
Comment 12•1 year ago
|
||
(In reply to Frederik Braun [:freddy] from comment #11)
Edgar, can you find a new reviewer and help make sure the existing review feedback gets prioritized? It looks like the patch is almost ready and it would be nice to get our number of security bugs down.
Let me take this action and review the priorities. :)
Comment 13•1 year ago
|
||
(In reply to Hsin-Yi Tsai (she/her) [:hsinyi] from comment #12)
(In reply to Frederik Braun [:freddy] from comment #11)
Edgar, can you find a new reviewer and help make sure the existing review feedback gets prioritized? It looks like the patch is almost ready and it would be nice to get our number of security bugs down.
Let me take this action and review the priorities. :)
Henri submitted a revision and asked review from Edgar.
Assignee | ||
Comment 14•1 year ago
|
||
Added to Lando queue since sec-moderate.
Comment 15•1 year ago
|
||
Make nsHTMLContentSerializer handle noscript depending on the scripting enabled state of the document. r=edgar
https://hg.mozilla.org/integration/autoland/rev/6a46ccc50745ad60fac15bd5279824136588026a
https://hg.mozilla.org/mozilla-central/rev/6a46ccc50745
Updated•1 year ago
|
Comment 16•1 year ago
|
||
The patch landed in nightly and beta is affected.
:hsivonen, is this bug important enough to require an uplift?
- If yes, please nominate the patch for beta approval.
- If no, please set
status-firefox109
towontfix
.
For more information, please visit auto_nag documentation.
Assignee | ||
Comment 17•1 year ago
•
|
||
Comment on attachment 9240005 [details]
Bug 1687303 - Make nsHTMLContentSerializer handle noscript depending on the scripting enabled state of the document.
Beta/Release Uplift Approval Request
- User impact if declined: Unknown. This patch fixes what's obviously a bug, but I'm unsure of attack vectors. However, the patch to central pretty clearly highlights the bug for an attacker to figure out the vector to reach the bug. Not sure if we should uplift for that reason.
- Is this code covered by automated tests?: Yes
- Has the fix been verified in Nightly?: No
- Needs manual test from QE?: No
- If yes, steps to reproduce:
- List of other uplifts needed: None
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky):
- String changes made/needed: None
- Is Android affected?: Yes
Comment 18•1 year ago
|
||
Comment on attachment 9240005 [details]
Bug 1687303 - Make nsHTMLContentSerializer handle noscript depending on the scripting enabled state of the document.
Approved for 109.0b6 and 102.7esr.
Comment 19•1 year ago
|
||
uplift |
Updated•1 year ago
|
Updated•1 year ago
|
Updated•9 months ago
|
Description
•