Closed Bug 280613 Opened 20 years ago Closed 20 years ago

checkLoadURIStr of nsIScriptSecurityManager should accept AUTF8String (IDN)

Categories

(Core :: Security: CAPS, defect)

Product:
Core
Component:
Security: CAPS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: jshin1987, Assigned: jshin1987)

References

Details

(Keywords: intl, regression)

Attachments

(1 file)

patch
3.16 KB, patch
dveditz
: review+
darin.moz
: superreview+
Details | Diff | Splinter Review 
urlSecurityCheck [1] doesn't work for urls with international host name (IDN)
because it's calling nsIScriptSecurityManager::checkLoadURIStr which takes
'string'. XPConvert asserts about data loss. Either we have to change the
interface or fix callers to use checkLoadURI that accepts nsIURI. 

It seems like this was exposed after 1.8a6 by some changes that decodes punycode
back to UTF-8 in URIspec.


[1]
http://lxr.mozilla.org/seamonkey/source/xpfe/communicator/resources/content/contentAreaUtils.js#53
Attached patch patchSplinter Review 
This is a simple patch to make loadCheckURIStr accept AUTF8String instead of
string.
Attachment #173052 - Flags: superreview?(darin)
Attachment #173052 - Flags: review?(dveditz)
caillon: look OK to you?
Comment on attachment 173052 [details] [diff] [review]
patch

r=dveditz.
Attachment #173052 - Flags: review?(dveditz) → review+
Comment on attachment 173052 [details] [diff] [review]
patch

dveditz: is this going to break that plugin again? ;-)

sr=darin
Attachment #173052 - Flags: superreview?(darin) → superreview+
thanks for r/sr. checked in.
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
Blocks: 253761
*** Bug 253761 has been marked as a duplicate of this bug. ***
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: