290420 - Firefox context menu code shouldn't rely on localname tests

Status: RESOLVED FIXED

(Firefox :: General, defect, P2)

Description

[Boris Zbarsky [:bzbarsky]]

The Firefox context menu code uses the localName of DOM nodes to identify the
type of node.  It should just use the appropriate |instanceof| tests instead. 
For example, replace:

296             } else if ( this.target.localName.toUpperCase() == "TEXTAREA" ) {
297                  this.onTextInput = true;
298             } else if ( this.target.localName.toUpperCase() == "HTML" ) {

with:

  } else if ( this.target instanceof HTMLTextAreaElement ) {
      this.onTextInput = true;
  } else if ( this.target instanceof HTMLHtmlElement ) {

etc.  As things stand, the code behaves incorrectly for XML documents, and the
existing code may even be subject to spoofing or security issues (see bug 290324
for an example, though with an extension).

Note also bug 245660, which removes some cases of this.

Comment 1

[Asaf Romano (gone)]

Attachment: patch

I am sure if I need to lowercase the type property.

Comment 2

[Boris Zbarsky [:bzbarsky]]

I won't be able to get to this till July, and this needs review from firefox
folks anyway (and doesn't need sr, being a firefox change).

Comment 3

[Asaf Romano (gone)]

Comment on attachment 186534 [details] [diff] [review]
patch

ok

Comment 4

[Steffen Wilberg]

Comment on attachment 186534 [details] [diff] [review]
patch

>@@ -4202,10 +4201,9 @@
>+                    if ( ( elem instanceof HTMLQuoteElemen && 'cite' in elem && elem.cite)  ||
You've got a typo here, this should probably be HTMLQuoteElement.

Comment 5

[Daniel Veditz [:dveditz]]

patch incorporated into the fix for bug 298892 -- thanks!
fixed on trunk and branches.