Closed Bug 369244 Opened 17 years ago Closed 17 years ago

[FIX]Create an API to control javascript: execution on a per-channel basis

Categories

(Core :: DOM: Core & HTML, defect)

Product:
Core
Component:
DOM: Core & HTML
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla1.9alpha1

People

(Reporter: bzbarsky, Assigned: bzbarsky)

References

Details

Attachments

(2 files)

Proposed patch
16.79 KB, patch
jst
: review+
brendan
: superreview+
Details | Diff | Splinter Review
Build bustage fix
910 bytes, patch
Details | Diff | Splinter Review
Attached patch Proposed patchSplinter Review 
We shouldn't just use the origin principal to make this decision as we do now.

What the attached patch does is to introduce a new interface to control the execution of programs represented as URIs (at the moment, just javascript:).

Hopefully the API comments are clear enough that I don't need to explain the setup.  If they're not, I should fix that.  ;)

At the moment, with this patch, the only time we will execute javascript: URIs is when they're loaded in a docshell (both because that's the only place where they'll have an owner and because that's the only place where we change the policy from NO_EXECUTION).  With this patch, we'll basically be compatible with IE7.

Then, as we propagate our trust labels through the code, we can decide on a case-by-case basis where to change the policy from NO_EXECUTION to something else.
Attachment #253927 - Flags: superreview?(brendan)
Attachment #253927 - Flags: review?(jst)
Blocks: 221428
This needs tests, by the way...  Ideally we'd get the tests from previous javascript: bugs checked in... ;)
Flags: in-testsuite?
Blocks: 355365
Comment on attachment 253927 [details] [diff] [review]
Proposed patch

r=jst
Attachment #253927 - Flags: review?(jst) → review+
Comment on attachment 253927 [details] [diff] [review]
Proposed patch

Looks good, sr=me.

/be
Attachment #253927 - Flags: superreview?(brendan) → superreview+
Fixed, but I still need to write those tests.
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED

    
  
Depends on: 372346
Depends on: 376484

    
  
No longer depends on: 376484
Component: DOM → DOM: Core & HTML

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: