Closed Bug 223373 Opened 22 years ago Closed 22 years ago

Should always have a security manager

Categories

(Core :: DOM: Core & HTML, defect, P1)

Product:
Core
Component:
DOM: Core & HTML
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla1.6beta

People

(Reporter: caillon, Assigned: caillon)

References

Details

Attachments

(1 file, 1 obsolete file)

Updated
9.93 KB, patch
Details | Diff | Splinter Review
After talking with jst tonight, we decided that not having a security manager in e.g., nsContentUtils is bad. I'll fix this up for beta. ----------------------------------------------------------------------------- <caillon> It seems that there should always be some kind of security manager. If some embeddor doesn't care about security (what are they smoking?) then I think they should implement a manager which just allows everything. <jst> I agree. Not having a security manager is silly. We should never need to check if a security manager poitner is non-null, it should be assumed. Implementors can write out that stubs out the methods and allows everything, as you said. I bet that would eliminate some ammount of silly code, up for sweaping over the tree and cleaning shit up? -----------------------------------------------------------------------------
Status: NEW → ASSIGNED
Priority: -- → P1
Target Milestone: --- → mozilla1.6beta
PS: Please excuse all those typos and inconsistencies in the above writing from me. I was in dental surgery yesterday and I was (and I still am) on some really nice drugs when I wrote the above :-)
Attached patch Patch (obsolete) — Splinter Review
...and it goes a little something like this.
Comment on attachment 134359 [details] [diff] [review] Patch r+sr=bzbarsky, but why do we have this "iniatilizing" boolen? It's only used inside an assert. Should it be #ifdef DEBUG?
Attachment #134359 - Flags: superreview+
Attachment #134359 - Flags: review+
Yeah, that seems redundant. I removed the initializing variable since it is pretty much useless now. I also had to change nsContentUtils::sInitialized to non-debug and to not assert on shutdown since we end up calling nsContentUtils::Shutdown() twice on app shutdown (once for module shutdown, once for xpcom shutdown). I am talked to jst about this yesterday and he was fine with it. I'll post a new patch for posterity before checking in.
Attached patch UpdatedSplinter Review
Attachment #134359 - Attachment is obsolete: true
Fix checked in.
Status: ASSIGNED → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: