[FIX]DOMSerializer does security checks against URIs, not principals

RESOLVED FIXED in mozilla1.8.1

Status

()

Core
DOM
RESOLVED FIXED
11 years ago
11 years ago

People

(Reporter: bz, Assigned: bz)

Tracking

({fixed1.8.0.5, fixed1.8.1})

1.8 Branch
mozilla1.8.1
x86
Linux
fixed1.8.0.5, fixed1.8.1
Points:
---
Bug Flags:
blocking1.8.0.5 +
in-testsuite ?

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(3 attachments, 1 obsolete attachment)

If I set document.domain, then try to use DOMSerializer on one of my own nodes, I get a security exception.  This was fixed on trunk by part of the checkin for bug 324600, which I think we should port to branches.
Created attachment 227492 [details]
Testcase
Created attachment 227493 [details]
Real testcase
Attachment #227492 - Attachment is obsolete: true
Created attachment 227494 [details] [diff] [review]
1.8 branch patch
Attachment #227494 - Flags: superreview?(peterv)
Attachment #227494 - Flags: review?(peterv)
Created attachment 227495 [details] [diff] [review]
1.8.0 version

Exactly the same, but to a different location (the file moved)
This is hurting the Live team's work to provide solid Firefox support, and the patch looks wafer-thin, so I'd really like to see us fix this up in 1.5.0.5/1.8.0.5.  Really really.
Flags: blocking1.8.0.5?
Attachment #227494 - Flags: superreview?(peterv)
Attachment #227494 - Flags: superreview+
Attachment #227494 - Flags: review?(peterv)
Attachment #227494 - Flags: review+
Comment on attachment 227494 [details] [diff] [review]
1.8 branch patch

This is pretty safe.
Attachment #227494 - Flags: approval1.8.1?
(Assignee)

Updated

11 years ago
Attachment #227495 - Flags: approval1.8.0.5?

Updated

11 years ago
Attachment #227494 - Flags: approval1.8.1? → approval1.8.1+
Fixed on 1.8 branch.
Status: NEW → RESOLVED
Last Resolved: 11 years ago
Keywords: fixed1.8.1
Resolution: --- → FIXED
Flags: blocking1.8.0.5? → blocking1.8.0.5+
Comment on attachment 227495 [details] [diff] [review]
1.8.0 version

approved for 1.8.0 branch, a=dveditz for drivers
Attachment #227495 - Flags: approval1.8.0.5? → approval1.8.0.5+
Fixed on 1.8.0 branch
Keywords: fixed1.8.0.5
(Assignee)

Updated

11 years ago
Flags: in-testsuite?
You need to log in before you can comment on or make changes to this bug.