Closed Bug 1698449 Opened 4 years ago Closed 4 years ago

Try to not create a resource: URI browser window using a SystemPrincipal

Categories

(Core :: DOM: Security, task, P2)

Product:
Core
Component:
DOM: Security
Type:
task

Tracking

()

Status:
RESOLVED FIXED
Milestone:
89 Branch
Tracking Flags:
Tracking Status
firefox89 --- fixed

People

(Reporter: ckerschb, Assigned: ckerschb)

References

Details

(Whiteboard: [domsecurity-active])

Attachments

(1 file)

Bug 1698449: Update test browser_resource_uri.js
48 bytes, text/x-phabricator-request
Details | Review
No description provided.

Hey Zibi, within Bug 1670244 we want to ensure we never load a document with incorrect principal in the wrong type of webIsolated process. To comply with that rule we have to update certain callsites. One of those callistes is for example is the loading of resource://l10n-test/test.html within the test browser_resource_uri.js#39.

I assume you wanted to explicitly test that resource://l10n-test/test.html is loaded with a SystemPrincipal? If not, can we update that? Any suggestions?

Flags: needinfo?(zbraniecki)

I assume you wanted to explicitly test that resource://l10n-test/test.html is loaded with a SystemPrincipal?

:mossop - is that accurate?

Flags: needinfo?(zbraniecki) → needinfo?(dtownsend)

On the contrary I think we want the test page to be loaded in a non-system principal: https://searchfox.org/mozilla-central/source/dom/l10n/tests/mochitest/document_l10n/non-system-principal/test.html#9-10

Flags: needinfo?(dtownsend)
Pushed by mozilla@christophkerschbaumer.com: https://hg.mozilla.org/integration/autoland/rev/7db5c3e9f7ba Update test browser_resource_uri.js r=mossop

https://hg.mozilla.org/mozilla-central/rev/7db5c3e9f7ba

Status: ASSIGNED → RESOLVED
Closed: 4 years ago
status-firefox89: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 89 Branch
Regressions: 1701621
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: