Closed Bug 306288 Opened 19 years ago Closed 9 years ago

Security UI callbacks for embedders have no useful context information

Categories

(Core :: Security: PSM, defect)

defect
Not set
normal

RESOLVED WONTFIX

People

(Reporter: sfraser_bugs, Unassigned)

Details

(Whiteboard: [kerh-ehz])

For an embedder implementing nsICertificateDialogs, nsIBadCertListener or
nsISecurityWarningDialogs, there's no way to get at the originating nsIDOMWindow
from the various callback methods. This is a serious security issue, because the
embedder cannot present UI to the user that indicates where the request is coming
from.

For our other dialogs (via nsIPromptService) we are provided an nsIDOMWindow.
NSS/PSM needs to do the same.

The provided nsIInterfaceRequestor* ctx is not useful; it's only queryable to an
nsIPrompt.
OS: MacOS X → All
Hardware: Macintosh → All
in:
http://lxr.mozilla.org/seamonkey/source/security/manager/pki/src/nsNSSDialogs.cpp

we seem to be doing something like:
nsCOMPtr<nsIDOMWindowInternal> parent = do_GetInterface(ctx);

Is this not working for you?
(In reply to comment #1)
> in:
> http://lxr.mozilla.org/seamonkey/source/security/manager/pki/src/nsNSSDialogs.cpp
> 
> we seem to be doing something like:
> nsCOMPtr<nsIDOMWindowInternal> parent = do_GetInterface(ctx);
> 
> Is this not working for you?

I just debugged through this in DeerPark. |parent| there in
nsNSSDialogs::ConfirmDownloadCACert() is a null pointer (note that the code
doesn't check it).

Very odd.  Tracing back a bit on the stack, don't you see a new'ed PipUIContext
on either:

http://lxr.mozilla.org/seamonkey/source/security/manager/ssl/src/nsNSSComponent.cpp#2428
http://lxr.mozilla.org/seamonkey/source/security/manager/ssl/src/nsNSSCertificateDB.cpp#1029

In any case, you're right... this object doesn't really get you to where you need
to be.

Yeah, PipUIContext is a waste of space.

Can we clear the security-sensitive flag? What are we protecting here?

Sure. Just trying to be paranoid.
Group: security
Bug 277587 may have helped.
(In reply to comment #7)
> Bug 277587 may have helped.
> 

That fixed it for the interface requestor passed to nsISecurityWarningDialogs methods; all others still have the problem.
Whiteboard: [kerh-ehz]
Assignee: kengert → nobody
QA Contact: psm
This doesn't seem to be relevant anymore.
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → WONTFIX
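
Added example, not part of the bug thread and not Mozilla code: a stand-alone C++ model of the situation discussed above, where the context handed to a certificate dialog callback answers only for a prompt and the lookup for the originating window returns null. Every type and function here (Requestor, Window, Prompt, DialogRequest, and this ConfirmDownloadCACert) is a hypothetical stand-in for the XPCOM interfaces named in the thread; refusing the request when no origin is available is one possible embedder policy, assumed for illustration.

```cpp
#include <iostream>
#include <map>
#include <string>

enum class Iface { Prompt, DomWindow };      // stand-ins for interface IDs
struct Window { std::string origin; };       // stand-in for nsIDOMWindow
struct Prompt {};                            // stand-in for nsIPrompt

// Models an interface requestor: unsupported interfaces yield nullptr.
class Requestor {
  std::map<Iface, void*> table_;
 public:
  void Offer(Iface id, void* p) { table_[id] = p; }
  void* GetInterface(Iface id) const {
    auto it = table_.find(id);
    return it == table_.end() ? nullptr : it->second;
  }
};

enum class Decision { AskUser, Refuse };
struct DialogRequest { Decision decision; std::string title; };

// Embedder-side handler for a "trust this CA?" callback (hypothetical).
DialogRequest ConfirmDownloadCACert(const Requestor* ctx) {
  Window* parent = ctx
      ? static_cast<Window*>(ctx->GetInterface(Iface::DomWindow))
      : nullptr;
  // The thread notes the real code did not check this pointer. Without an
  // originating window the UI cannot say who is asking, so fail closed.
  if (!parent || parent->origin.empty()) {
    return {Decision::Refuse, ""};
  }
  return {Decision::AskUser, "Certificate request from " + parent->origin};
}

int main() {
  Prompt prompt;
  Window win{"https://example.test"};        // constructed sample origin
  Requestor promptOnly;                      // like the ctx in the report
  promptOnly.Offer(Iface::Prompt, &prompt);
  Requestor withWindow;                      // what the reporter asks for
  withWindow.Offer(Iface::Prompt, &prompt);
  withWindow.Offer(Iface::DomWindow, &win);
  std::cout << (ConfirmDownloadCACert(&promptOnly).decision == Decision::Refuse)
            << " " << ConfirmDownloadCACert(&withWindow).title << "\n";
}
```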