Bug 342974: Scriptable theme bindings?
Opened 18 years ago, closed 18 years ago
Categories: Toolkit :: Startup and Profile System, defect
Status: RESOLVED DUPLICATE of bug 343037
People: Reporter: asaf, Assigned: moco
Whiteboard: [sg:dupe 343037]
See my comment 72 on bug 318168. IIRC Benjamin disabled scriptable XBL bindings in theme packages a long time ago. Is this broken now (or do these work because they're attributes?). (Setting the security flag just-in-case).
Reporter
Updated•18 years ago
Flags: blocking-firefox2?
Assignee
Comment 1•18 years ago
asaf, thanks for pointing this out. this particular code is exercised only when the hidden pref (browser.tabs.closeButtons) is set. I need to set that hidden pref and confirm that it doesn't work (which means I need to fix it). if it does work, that's scary, as you point out, because it means that scriptable XBL bindings in theme packages are not disabled.
Assignee: nobody → sspitzer
Reporter
Updated•18 years ago
Summary: Scriptable theme bindings → Scriptable theme bindings?
Updated•18 years ago
Whiteboard: [sg:investigate]
Comment 2•18 years ago
So... We disable scripts in the bindings themselves (<method>, etc). The attributes, however, are not really living in the binding; they're living in a XUL document (the nodes are cloned, imported, etc). So I fully expect that they can execute. :( We might need to hack our event handler compilation stuff to know about bindingParents, etc...
Assignee
Comment 3•18 years ago
on the subject of:

this.parentNode.parentNode.parentNode.parentNode.parentNode.parentNode.removeCurrentTab()

there's one parentNode too many, which needs to be fixed in mozilla/toolkit/content/widgets/tabbrowser.xml. will go test on my mac to see if the removeCurrentTab call fails on the mac, because it is in the globalBindings.xml in the pinstripe theme.
Assignee
Comment 4•18 years ago
from my testing on windows (mozilla/toolkit/content/widgets/tabbrowser.xml) vs mac (mozilla/toolkit/themes/pinstripe/global/globalBindings.xml), the script on mac is not being executed.
Reporter
Comment 5•18 years ago
Seth, we should really move this to tabbrowser.xml (as a <handler> in a pseudo-private binding?) and extend it in the theme. Anyway, this belongs to bug 318168 or to a new bug (please CC me if so).
Assignee
Comment 6•18 years ago
I've double checked that for pinstripe, we are not executing the script on the attributes. so this bug can be closed (or marked invalid.) boris said he wants to look over the code to understand why this is the case, and he also asked me to open another "investigate" bug on XBL script elements, as they should not be executed in themes. I'll go do that now. as for asaf's comments and the issue of browser.tabs.closeButtons (when set to 3) not working on pinstripe, I'll log another bug on that.
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → INVALID
Assignee
Comment 7•18 years ago
> boris said he wants to look over the code to understand why this is the case,
> and he also asked me to open another "investigate" bug on XBL script elements,
> as they should not be executed in themes. I'll go do that now.

see bug #343037
Assignee
Comment 8•18 years ago
> as for asaf's comments and the issue of browser.tabs.closeButtons (when set to
> 3) not working on pinstripe, I'll log another bug on that.

see bug #343061
No longer blocks: 343061
Reporter
Updated•18 years ago
Status: RESOLVED → REOPENED
Flags: blocking-firefox2?
Resolution: INVALID → ---
Whiteboard: [sg:investigate]
Reporter
Comment 9•18 years ago
*** This bug has been marked as a duplicate of 343037 ***
Status: REOPENED → RESOLVED
Closed: 18 years ago → 18 years ago
Resolution: --- → DUPLICATE
Updated•18 years ago
Whiteboard: [sg:dupe 343037]
Component: XRE Startup → Startup and Profile System
QA Contact: xre.startup → startup
Updated•15 years ago
Group: core-security