Closed
Bug 353731
Opened 18 years ago
Closed 18 years ago
[FIX]evalInSandbox creates URIs incorrectly, leading to bogus principals
Categories
(Core :: XPConnect, defect, P1)
Tracking
()
RESOLVED
FIXED
mozilla1.9alpha1
People
(Reporter: bzbarsky, Assigned: bzbarsky)
References
Details
Attachments
(1 file)
3.38 KB,
patch
|
jst
:
review+
jst
:
superreview+
|
Details | Diff | Splinter Review |
evalInSandbox creates URLs as follows: nsCOMPtr<nsIURL> iURL; nsCOMPtr<nsIStandardURL> stdUrl = do_CreateInstance(kStandardURLContractID, &rv); if (!stdUrl || NS_FAILED(rv = stdUrl->Init(nsIStandardURL::URLTYPE_STANDARD, 80, codebase, nsnull, nsnull)) || !(iURL = do_QueryInterface(stdUrl, &rv))) { then calls GetCodebasePrincipal on the result. It looks like this goes back to the original impl of evalInSandbox in bug 63027. Is there a reason this isn't using newURI? See <http://developer.mozilla.org/en/docs/Common_Pitfalls#How_to_create_a_URI_object> for more info. Not marking security sensitive, but this setup can make same-origin checks actually succeed when they should be failing (e.g. between two sandboxes for the same non-host-based URI scheme), so we should really fix this unless there was a really good reason for the way it was done originally... shaver, any chance you can recall why the code looks like this?
Updated•18 years ago
|
Assignee: dbradley → nobody
Assignee | ||
Comment 1•18 years ago
|
||
The import thing is just a safety fix I think we're missing... the rest of the changes are relevant to this patch.
Assignee: nobody → bzbarsky
Status: NEW → ASSIGNED
Attachment #245877 -
Flags: superreview?(jst)
Attachment #245877 -
Flags: review?(jst)
Assignee | ||
Updated•18 years ago
|
Priority: -- → P1
Summary: evalInSandbox creates URIs incorrectly, leading to bogus principals → [FIX]evalInSandbox creates URIs incorrectly, leading to bogus principals
Target Milestone: --- → mozilla1.9alpha
Comment 2•18 years ago
|
||
Comment on attachment 245877 [details] [diff] [review] Fix r+sr=jst
Attachment #245877 -
Flags: superreview?(jst)
Attachment #245877 -
Flags: superreview+
Attachment #245877 -
Flags: review?(jst)
Attachment #245877 -
Flags: review+
Assignee | ||
Comment 3•18 years ago
|
||
Fixed.
Status: ASSIGNED → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•