Bug 343065 - [FIX]DOMSerializer does security checks against URIs, not principals
Status: RESOLVED FIXED
Keywords: fixed1.8.0.5, fixed1.8.1
Product: Core
Classification: Components
Component: DOM
Version: 1.8 Branch
Hardware: x86 Linux
Importance: -- normal
Target Milestone: mozilla1.8.1
Assigned To: Boris Zbarsky [:bz] (Out June 25-July 6)
QA Contact: Hixie (not reading bugmail)
Reported: 2006-06-28 19:16 PDT by Boris Zbarsky [:bz] (Out June 25-July 6)
Modified: 2006-08-07 08:56 PDT
dveditz: blocking1.8.0.5+
bzbarsky: in‑testsuite?

Attachments
Testcase (869 bytes, text/html)
2006-06-28 19:17 PDT, Boris Zbarsky [:bz] (Out June 25-July 6)
no flags
Real testcase (242 bytes, text/html)
2006-06-28 19:18 PDT, Boris Zbarsky [:bz] (Out June 25-July 6)
no flags
1.8 branch patch (1.87 KB, patch)
2006-06-28 19:30 PDT, Boris Zbarsky [:bz] (Out June 25-July 6)
peterv: review+
peterv: superreview+
mtschrep: approval1.8.1+
1.8.0 version (1.92 KB, patch)
2006-06-28 19:32 PDT, Boris Zbarsky [:bz] (Out June 25-July 6)
dveditz: approval1.8.0.5+

Description Boris Zbarsky [:bz] (Out June 25-July 6) 2006-06-28 19:16:28 PDT
If I set document.domain, then try to use DOMSerializer on one of my own nodes, I get a security exception.  This was fixed on trunk by part of the checkin for bug 324600, which I think we should port to branches.
Comment 1 Boris Zbarsky [:bz] (Out June 25-July 6) 2006-06-28 19:17:36 PDT
Created attachment 227492
Testcase
Comment 2 Boris Zbarsky [:bz] (Out June 25-July 6) 2006-06-28 19:18:28 PDT
Created attachment 227493
Real testcase
Comment 3 Boris Zbarsky [:bz] (Out June 25-July 6) 2006-06-28 19:30:20 PDT
Created attachment 227494
1.8 branch patch
Comment 4 Boris Zbarsky [:bz] (Out June 25-July 6) 2006-06-28 19:32:09 PDT
Created attachment 227495
1.8.0 version

Exactly the same, but to a different location (the file moved)
Comment 5 Mike Shaver (:shaver -- probably not reading bugmail closely) 2006-06-28 21:14:48 PDT
This is hurting the Live team's work to provide solid Firefox support, and the patch looks wafer-thin, so I'd really like to see us fix this up in 1.5.0.5/1.8.0.5.  Really really.
Comment 6 Boris Zbarsky [:bz] (Out June 25-July 6) 2006-06-28 22:00:07 PDT
Comment on attachment 227494
1.8 branch patch

This is pretty safe.
Comment 7 Boris Zbarsky [:bz] (Out June 25-July 6) 2006-06-29 11:27:24 PDT
Fixed on 1.8 branch.
Comment 8 Daniel Veditz [:dveditz] 2006-06-29 13:46:05 PDT
Comment on attachment 227495
1.8.0 version

approved for 1.8.0 branch, a=dveditz for drivers
Comment 9 Boris Zbarsky [:bz] (Out June 25-July 6) 2006-06-29 14:42:06 PDT
Fixed on 1.8.0 branch
