Closed Bug 223373 Opened 21 years ago Closed 21 years ago

Should always have a security manager

Categories

(Core :: DOM: Core & HTML, defect, P1)

Product:
Core
Component:
DOM: Core & HTML
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla1.6beta

People

(Reporter: caillon, Assigned: caillon)

References

Details

Attachments

(1 file, 1 obsolete file)

Updated
9.93 KB, patch
Details | Diff | Splinter Review 
After talking with jst tonight, we decided that not having a security manager in
e.g., nsContentUtils is bad.  I'll fix this up for beta.

-----------------------------------------------------------------------------
<caillon> It seems that there should always be some kind of security manager. 
If some embeddor doesn't care about security (what are they smoking?) then I
think they should implement a manager which just allows everything.

<jst> I agree. Not having a security manager is silly. We should never need to
check if a security manager poitner is non-null, it should be assumed.
Implementors can write out that stubs out the methods and allows everything, as
you said.  I bet that would eliminate some ammount of silly code, up for
sweaping over the tree and cleaning shit up?
-----------------------------------------------------------------------------
Status: NEW → ASSIGNED
Priority: -- → P1
Target Milestone: --- → mozilla1.6beta
PS: Please excuse all those typos and inconsistencies in the above writing from
me. I was in dental surgery yesterday and I was (and I still am) on some really
nice drugs when I wrote the above :-)
Attached patch Patch (obsolete) — Splinter Review 
...and it goes a little something like this.
Comment on attachment 134359 [details] [diff] [review]
Patch

r+sr=bzbarsky, but why do we have this "iniatilizing" boolen?  It's only used
inside an assert.  Should it be #ifdef DEBUG?
Attachment #134359 - Flags: superreview+
Attachment #134359 - Flags: review+
Yeah, that seems redundant.  I removed the initializing variable since it is
pretty much useless now.  I also had to change nsContentUtils::sInitialized to
non-debug and to not assert on shutdown since we end up calling
nsContentUtils::Shutdown() twice on app shutdown (once for module shutdown, once
for xpcom shutdown).  I am talked to jst about this yesterday and he was fine
with it.  I'll post a new patch for posterity before checking in.
Attached patch UpdatedSplinter Review 

        Attachment #134359 -
        Attachment is obsolete: true

    
    

    
  
Fix checked in.
Status: ASSIGNED → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
Component: DOM → DOM: Core & HTML

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: