Closed Bug 304388 Opened 19 years ago Closed 19 years ago

Add hostname to title bar of windows that don't have location bars

Categories

(Firefox :: Security, defect)

Product:
Firefox
Component:
Security
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
Firefox1.5

People

(Reporter: jruderman, Assigned: dveditz)

References

Details

(Keywords: csectype-spoof, fixed1.8, Whiteboard: [sg:fix])

Attachments

(1 file, 1 obsolete file)

including merged xpfe/global changes
9.33 KB, patch
dveditz
: review+
bzbarsky
: superreview+
asa
: approval1.8b5+
Details | Diff | Splinter Review
https://bugzilla.mozilla.org/show_bug.cgi?id=22183#c238 was only checked in on the branch. In a security bug meeting on Tuesday, we decided to do the same thing for Firefox 1.5 (and trunk?). I'll leave bug 22183 open for a long-term solution.
Flags: blocking1.8b4?
Whiteboard: [sg:fix]
Attached patch update dveditz's patch to trunk (obsolete) — Splinter Review
I hand-applied dveditz's patch (https://bugzilla.mozilla.org/show_bug.cgi?id=22183#c238) to the trunk and edited a few code comments. I wasn't able to test the code in nsContentTreeOwner::SetTitle because the code in tabbrowser always seems to be what determines the window title in Firefox. I left out the SeaMonkey-specific part of the patch. cvs diff -p xpfe/appshell/src/nsContentTreeOwner.cpp content/html/document/src/nsHTMLDocument.cpp toolkit/content/widgets/tabbrowser.xml
Attachment #192787 - Flags: superreview?(bzbarsky)
Attachment #192787 - Flags: review?(mconnor)
Comment on attachment 192787 [details] [diff] [review] update dveditz's patch to trunk It'll take me some time to get to this... not even sure how much.
How can I test nsContentTreeOwner::SetTitle? Build Camino?
Comment on attachment 192787 [details] [diff] [review] update dveditz's patch to trunk I'm not really a good reviewer for appshell or content code, it should be a peer in the appropriate module if at all possible.
Attachment #192787 - Flags: review?(mconnor) → review?(dbaron)
<sigh> I wish we'd had time to do something better. Still, as long as we don't see this as the long-term solution... Gerv
Flags: blocking1.8b4? → blocking1.8b4+
Target Milestone: --- → Firefox1.5
Whiteboard: [sg:fix] → [sg:fix][needs review dbaron, SR bzbarsky]
So is there a reason this is not patching both tabbrowsers? Is there a reason that embedding builds don't have the same problem... or do they? That said, doesn't the nsContentTreeOwner code just run whenever you load a new page in a non-tabbrowser setup? Just remove the hookup of the DOMTitleChanged listener in tabbrowser to exercise it visually, I think. And file a followup bug on the fact that we have this code in 3 different places?
> So is there a reason this is not patching both tabbrowsers? I don't build Seamonkey and didn't realize I was expected to help maintain that fork. If you want me to build Seamonkey, I can. I don't know the answers to your other questions. dveditz (the original author of the patch) might.
Comment on attachment 192787 [details] [diff] [review] update dveditz's patch to trunk This needs at least a similar patch for xpfe and a check on whether nsWebBrowser has similar issues, as well as testing of the nsContentTreeOwner code. Please rerequest review when those have happened.
Attachment #192787 - Flags: superreview?(bzbarsky) → superreview-
Attachment #192787 - Flags: review?(dbaron)
we're gonna have to take what we did for 1.0 because we dont' have anything better and time's run out. Dan, can you drive this in?
Assignee: jruderman → dveditz
Attachment #192787 - Attachment is obsolete: true
Attachment #197923 - Flags: superreview?(bzbarsky)
Attachment #197923 - Flags: review?(jruderman)
Whiteboard: [sg:fix][needs review dbaron, SR bzbarsky] → [sg:fix][needs review jruderman, SR bzbarsky]
Comment on attachment 197923 [details] [diff] [review] including merged xpfe/global changes r=myself, this is just a trunk merge of a previously reviewed patch (r=mconnor, sr=bzbarsky, a=asa) Still requesting sr=bz since he had a problem with the first version here.
Attachment #197923 - Flags: review?(jruderman) → review+
Comment on attachment 197923 [details] [diff] [review] including merged xpfe/global changes I guess this is ok given the situation, but could we please file a bug to have one and only one place where this code lives by 1.9?
Attachment #197923 - Flags: superreview?(bzbarsky) → superreview+
Whiteboard: [sg:fix][needs review jruderman, SR bzbarsky] → [sg:fix]
Attachment #197923 - Flags: approval1.8b5+
fixed on trunk
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
fix checked into 1.8 branch
Keywords: fixed1.8
Comment on attachment 197923 [details] [diff] [review] including merged xpfe/global changes I checked Editor and it has its own title setting code to, so it's unaffected by this change.
(In reply to comment #12) >could we please file a bug to have one and only one place where this code lives For anyone interested in fixing this follow-up bug, preliminary investigation suggests that one of the callers of updateTitlebar is unnecessary and the other caller can be worked around by setting this.contentDocument.title to itself.
Depends on: 310696
Depends on: 312426
Did we ever get this followup filed? Also, note that this patch caused bug 317750 (though imo that site is just broken).
How did this break bug 317750? Does the site's JavaScript somehow see the modified title?
Keywords: csec-spoof
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: