Closed
Bug 327109
Opened 19 years ago
Closed 18 years ago
[FIX]SameOrSubdomainOfTarget should die
Categories
(Core :: Security, defect, P1)
Core
Security
Tracking
()
RESOLVED
FIXED
mozilla1.9alpha1
People
(Reporter: bzbarsky, Assigned: bzbarsky)
References
Details
Attachments
(2 files, 2 obsolete files)
3.15 KB,
text/html
|
Details | |
8.18 KB,
patch
|
dveditz
:
review+
|
Details | Diff | Splinter Review |
This method in docshell duplicates parts of SecurityCompareURIs, but not other parts...
I think we should have a caps method that does what needs doing here; that way we can reuse SecurityCompareURIs (or factor better) and not have this weird version skew between two methods that are trying to do very similar things.
Flags: blocking1.9-
Whiteboard: [wanted-1.9]
![]() |
Assignee | |
Updated•19 years ago
|
Assignee: dveditz → bzbarsky
Priority: -- → P1
Target Milestone: --- → mozilla1.9alpha
![]() |
Assignee | |
Comment 2•19 years ago
|
||
Based on testing other UAs:
NS4 and IE6 and IE7 allow anyone to target anything.
Opera allows same-domain targeting and ignores document.domain.
I think both are wrong. We should simply be doing a same-origin check here (which takes document.domain into account).
![]() |
Assignee | |
Comment 3•19 years ago
|
||
I'll test this once landfill.bugzilla.org is actually alive again. :(
![]() |
Assignee | |
Comment 4•19 years ago
|
||
The major change here, in my opinion, is that two unrelated (neither opened the other) windows from the same site with different document.domain values will not be able to target each other anymore. I think that's what we want, frankly....
Attachment #232455 -
Flags: superreview?(jst)
Attachment #232455 -
Flags: review?(dveditz)
![]() |
Assignee | |
Updated•19 years ago
|
Summary: SameOrSubdomainOfTarget should die → [FIX]SameOrSubdomainOfTarget should die
Comment 5•19 years ago
|
||
Comment on attachment 232455 [details] [diff] [review]
OK, this gives the behavior I'd expect
This does seem to be what we want. The code changes look good, the only thing that is a bit worrisome is that there *is* a change in behaviour, and that *could* make some sites behave differently (though they shouldn't completely break, things might simply open in new windows rather than reusing existing ones). If we'd be pushing this in on the branch I'd love to see this sit on the trunk for some time before we take it on the branch, but it doesn't look like we'll be attempting to make this change on the branch.
sr=jst
Attachment #232455 -
Flags: superreview?(jst) → superreview+
![]() |
Assignee | |
Comment 6•19 years ago
|
||
Yeah, this is trunk-only as far as I'm concerned, unless something _really_ weird happens.
![]() |
Assignee | |
Comment 7•18 years ago
|
||
Attachment #232287 -
Attachment is obsolete: true
Attachment #232455 -
Attachment is obsolete: true
Attachment #233913 -
Flags: review?(dveditz)
Attachment #232455 -
Flags: review?(dveditz)
Comment 8•18 years ago
|
||
Comment on attachment 233913 [details] [diff] [review]
Updated to trunk
Looks good, much better to have the rules enforced in a common spot.
r=dveditz
Attachment #233913 -
Flags: review?(dveditz) → review+
![]() |
Assignee | |
Comment 9•18 years ago
|
||
Fixed.
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
Updated•17 years ago
|
Flags: wanted1.9+
Whiteboard: [wanted-1.9]
You need to log in
before you can comment on or make changes to this bug.
Description
•