Closed
Bug 369244
Opened 17 years ago
Closed 17 years ago
[FIX]Create an API to control javascript: execution on a per-channel basis
Categories
(Core :: DOM: Core & HTML, defect)
Tracking
()
RESOLVED
FIXED
mozilla1.9alpha1
People
(Reporter: bzbarsky, Assigned: bzbarsky)
References
Details
Attachments
(2 files)
16.79 KB,
patch
|
jst
:
review+
brendan
:
superreview+
|
Details | Diff | Splinter Review |
910 bytes,
patch
|
Details | Diff | Splinter Review |
We shouldn't just use the origin principal to make this decision as we do now. What the attached patch does is to introduce a new interface to control the execution of programs represented as URIs (at the moment, just javascript:). Hopefully the API comments are clear enough that I don't need to explain the setup. If they're not, I should fix that. ;) At the moment, with this patch, the only time we will execute javascript: URIs is when they're loaded in a docshell (both because that's the only place where they'll have an owner and because that's the only place where we change the policy from NO_EXECUTION). With this patch, we'll basically be compatible with IE7. Then, as we propagate our trust labels through the code, we can decide on a case-by-case basis where to change the policy from NO_EXECUTION to something else.
Attachment #253927 -
Flags: superreview?(brendan)
Attachment #253927 -
Flags: review?(jst)
Assignee | ||
Comment 1•17 years ago
|
||
This needs tests, by the way... Ideally we'd get the tests from previous javascript: bugs checked in... ;)
Flags: in-testsuite?
Comment 2•17 years ago
|
||
Comment on attachment 253927 [details] [diff] [review] Proposed patch r=jst
Attachment #253927 -
Flags: review?(jst) → review+
Comment 3•17 years ago
|
||
Comment on attachment 253927 [details] [diff] [review] Proposed patch Looks good, sr=me. /be
Attachment #253927 -
Flags: superreview?(brendan) → superreview+
Assignee | ||
Comment 4•17 years ago
|
||
Fixed, but I still need to write those tests.
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
Assignee | ||
Comment 5•17 years ago
|
||
Updated•5 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•