Closed Bug 343065 Opened 19 years ago Closed 19 years ago

[FIX]DOMSerializer does security checks against URIs, not principals

Categories

(Core :: DOM: Core & HTML, defect)

Product:
Core
Component:
DOM: Core & HTML
Version:
1.8 Branch
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla1.8.1

People

(Reporter: bzbarsky, Assigned: bzbarsky)

Details

(Keywords: fixed1.8.0.5, fixed1.8.1)

Attachments

(3 files, 1 obsolete file)

Real testcase
242 bytes, text/html
Details
1.8 branch patch
1.87 KB, patch
peterv
: review+
peterv
: superreview+
mtschrep
: approval1.8.1+
Details | Diff | Splinter Review
1.8.0 version
1.92 KB, patch
dveditz
: approval1.8.0.5+
Details | Diff | Splinter Review
If I set document.domain, then try to use DOMSerializer on one of my own nodes, I get a security exception. This was fixed on trunk by part of the checkin for bug 324600, which I think we should port to branches.
Attached file Testcase (obsolete) —
Attached file Real testcase
Attachment #227492 - Attachment is obsolete: true
Attached patch 1.8 branch patchSplinter Review
Attachment #227494 - Flags: superreview?(peterv)
Attachment #227494 - Flags: review?(peterv)
Attached patch 1.8.0 versionSplinter Review
Exactly the same, but to a different location (the file moved)
This is hurting the Live team's work to provide solid Firefox support, and the patch looks wafer-thin, so I'd really like to see us fix this up in 1.5.0.5/1.8.0.5. Really really.
Flags: blocking1.8.0.5?
Attachment #227494 - Flags: superreview?(peterv)
Attachment #227494 - Flags: superreview+
Attachment #227494 - Flags: review?(peterv)
Attachment #227494 - Flags: review+
Comment on attachment 227494 [details] [diff] [review] 1.8 branch patch This is pretty safe.
Attachment #227494 - Flags: approval1.8.1?
Attachment #227495 - Flags: approval1.8.0.5?
Attachment #227494 - Flags: approval1.8.1? → approval1.8.1+
Fixed on 1.8 branch.
Status: NEW → RESOLVED
Closed: 19 years ago
Keywords: fixed1.8.1
Resolution: --- → FIXED
Flags: blocking1.8.0.5? → blocking1.8.0.5+
Comment on attachment 227495 [details] [diff] [review] 1.8.0 version approved for 1.8.0 branch, a=dveditz for drivers
Attachment #227495 - Flags: approval1.8.0.5? → approval1.8.0.5+
Fixed on 1.8.0 branch
Keywords: fixed1.8.0.5
Flags: in-testsuite?
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: