Closed Bug 1914068 Opened 1 year ago Closed 1 year ago

Use principal URI for content analysis

Categories

(Firefox :: Data Loss Prevention, defect)

VERIFIED FIXED
132 Branch
Tracking Status
firefox-esr128 --- verified
firefox132 --- verified

People

(Reporter: handyman, Assigned: gstoll)

References

(Blocks 1 open bug)

Attachments

(2 files)

Right now we are using the document URI [1][2] but this can give the wrong URI for content like iframes. The list of callers may not be complete.

[1] https://searchfox.org/mozilla-central/source/toolkit/components/contentanalysis/ContentAnalysis.cpp#1737
[2] https://searchfox.org/mozilla-central/source/toolkit/components/contentanalysis/ContentAnalysis.cpp#1963

Does this need to block bug 1882607?

Flags: needinfo?(davidp99)

Whoops. Yeah, I think it should.

Blocks: 1882607
Flags: needinfo?(davidp99)
Assignee: nobody → gstoll
Status: NEW → ASSIGNED

The severity field is not set for this bug.
:handyman, could you have a look please?

For more information, please visit BugBot documentation.

Flags: needinfo?(davidp99)
See Also: → 1916804
Pushed by gstoll@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/6216b4b406a5
pass correct URL to Content Analysis for same-origin iframes r=dlp-reviewers,win-reviewers,handyman
Status: ASSIGNED → RESOLVED
Closed: 1 year ago
Resolution: --- → FIXED
Target Milestone: --- → 132 Branch
Attachment #9422898 - Flags: approval-mozilla-esr128?

esr128 Uplift Approval Request

  • User impact if declined: wrong URL may be passed to DLP agent
  • Code covered by automated testing: yes
  • Fix verified in Nightly: yes
  • Needs manual QE test: no
  • Steps to reproduce for manual QE testing: n/a
  • Risk associated with taking this patch: low
  • Explanation of risk level: only affects DLP
  • String changes made/needed: no
  • Is Android affected?: no
Attachment #9422898 - Flags: approval-mozilla-esr128? → approval-mozilla-esr128+
Severity: -- → S3
Flags: needinfo?(davidp99)

Hello Greg! Is there something we could manually verify here? Thank you in advance!

Flags: needinfo?(gstoll)

Hi! I've added automated tests for this, but you can test this manually too.

On this page, any DLP requests should have the URL of the outer page (https://gregstoll.github.io/iframes/prompts_iframe.html) and not the inner page (https://gregstoll.github.io/iframes/prompts.html), since they share the same origin.

On this page, any DLP requests should have the URL of the inner page (https://gregstoll.github.io/iframes/prompts.html) since they do not share the same origin.

Thanks!

Flags: needinfo?(gstoll)
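The expected behaviour from comment 11, as an added example that is not code from the bug, the patch or Firefox: a simplified model of which URL a DLP request should carry for content inside an iframe, usable to check URLs logged by a DLP agent. The frame objects, the function names, the `embedder.example` URL and the rule for nested frames (stop at the first cross-origin ancestor) are assumptions.

```javascript
// Added illustration: a simplified model, not Firefox source code.
// A frame is { url, parent }; parent is the embedding frame, null at the top.
function originOf(url) {
  const origin = new URL(url).origin;
  // Opaque origins (e.g. data: URLs) serialize as "null" and match nothing.
  return origin === "null" ? null : origin;
}

// URL a DLP request should carry for content in `frame`, per comment 11:
// a same-origin embedder's URL replaces the frame's URL, a cross-origin
// embedder's does not. Assumption: the walk continues upward and stops at
// the first ancestor whose origin differs.
function urlForContentAnalysis(frame) {
  const origin = originOf(frame.url);
  let chosen = frame;
  if (origin === null) return chosen.url;
  for (let p = frame.parent; p; p = p.parent) {
    if (originOf(p.url) !== origin) break;
    chosen = p;
  }
  return chosen.url;
}

// Compare the URL a DLP agent logged against the model.
function checkReported(frame, reportedUrl) {
  const expected = urlForContentAnalysis(frame);
  return { ok: reportedUrl === expected, expected, reported: reportedUrl };
}

const INNER = "https://gregstoll.github.io/iframes/prompts.html";
const OUTER = "https://gregstoll.github.io/iframes/prompts_iframe.html";
const OTHER = "https://embedder.example/host.html"; // constructed URL

const sameOrigin = { url: INNER, parent: { url: OUTER, parent: null } };
const crossOrigin = { url: INNER, parent: { url: OTHER, parent: null } };
// Constructed case: same-origin top page with a cross-origin frame between.
const sandwiched = {
  url: INNER,
  parent: { url: OTHER, parent: { url: OUTER, parent: null } },
};

// Reporting the inner document's own URL is wrong only in the first case.
console.log(checkReported(sameOrigin, INNER));
console.log(checkReported(crossOrigin, INNER));
console.log(checkReported(sandwiched, INNER));
```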

(In reply to Greg Stoll :gstoll from comment #11)

> Hi! I've added automated tests for this, but you can test this manually too.
>
> On this page, any DLP requests should have the URL of the outer page (https://gregstoll.github.io/iframes/prompts_iframe.html) and not the inner page (https://gregstoll.github.io/iframes/prompts.html), since they share the same origin.
>
> On this page, any DLP requests should have the URL of the inner page (https://gregstoll.github.io/iframes/prompts.html) since they do not share the same origin.
>
> Thanks!

Thank you! Verified fixed with Firefox 132.0a1 (2024-09-24) and 128.3esr on Windows 11. The correct URL is displayed as stated in comment 11.

Status: RESOLVED → VERIFIED
Has STR: --- → yes