Closed
Bug 328885
Opened 18 years ago
Closed 18 years ago
Don't propagate mutation events from native anonymous content
Categories
(Core :: DOM: Events, defect)
Core
DOM: Events
Tracking
()
RESOLVED
FIXED
People
(Reporter: smaug, Assigned: smaug)
References
(Blocks 1 open bug)
Details
(Whiteboard: [sg:investigate])
Attachments
(1 file)
2.73 KB,
patch
|
bzbarsky
:
review+
bzbarsky
:
superreview+
|
Details | Diff | Splinter Review |
We should not propagate mutation events from native anonymous content. Not sure about XBL and not sure whether this is needed for 1.8.X Bug 234455 should make this easy to implement. This is also related to bug 328566 and bug 97058. Marking security sensitive, just in case...
Comment 1•18 years ago
|
||
Does anyone actually care about mutation events on native anonymous content? i.e. could we just not fire them?
Assignee | ||
Comment 2•18 years ago
|
||
That could be done too. Pretty easy with the new dispatching code ;)
Assignee | ||
Comment 3•18 years ago
|
||
This doesn't prevent mutation events in native anonymous content, but those just aren't propagated to non- native-anon.
Attachment #214451 -
Flags: superreview?(bzbarsky)
Attachment #214451 -
Flags: review?(bzbarsky)
Comment 4•18 years ago
|
||
Comment on attachment 214451 [details] [diff] [review] proposed patch Looks reasonable. I think for XBL-bound stuff we want to cut off mutation events at the anon moundary. But that may be the case for other events too, not just mutation events (eg mousein/mouseout). Ideally we'd have a data table somewhere that has this sort of info...
Attachment #214451 -
Flags: superreview?(bzbarsky)
Attachment #214451 -
Flags: superreview+
Attachment #214451 -
Flags: review?(bzbarsky)
Attachment #214451 -
Flags: review+
Assignee | ||
Updated•18 years ago
|
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
Comment 5•17 years ago
|
||
> not sure whether this is needed for 1.8.X
any more thoughts on this? should the patch be considered for the branch?
Do we know if this is causing any real-world exploits or not? If we don't know of any I'm a little hesitant to take it since we've been bitten before by 'we might as well' patches like this. That said, I don't know of any internal code that uses mutation events. Though there could be extensions relying on them.
Comment 7•17 years ago
|
||
Saying "no" to the branch unless someone comes up with something exploitable here.
Flags: wanted1.8.1.x-
Flags: wanted1.8.0.x-
Whiteboard: [sg:investigate]
Updated•17 years ago
|
Group: security
Flags: in-testsuite?
You need to log in
before you can comment on or make changes to this bug.
Description
•