Closed Bug 376484 Opened 15 years ago Closed 15 years ago

[FIX]Testcase from bug 33961 has regressed - javascript: pseudo url in stylesheet doesn't work

Categories

(Core :: DOM: Core & HTML, defect, P2)

defect

Tracking

()

RESOLVED FIXED
mozilla1.9alpha4

People

(Reporter: martijn.martijn, Assigned: bzbarsky)

References

()

Details

(Keywords: regression, testcase)

Attachments

(1 file)

See url, which is the Partial testcase from bug 33961, the text should be green  but isn't anymore in current trunk builds.
This regressed between 2007-02-15 and 2007-02-17, I think a regression from bug 369244.
This is actually purposeful, for the time being.  In the new world, we're white-listing the set of places where JS is allowed to execute, for now.  Once we resolve bug 221428 we can sort out exactly what the desired behavior here is.

Sadly, I have to remove the "blocks" dep to be able to set the "depends" dep...

We could also switch to defaulting to "execute in sandbox" instead of defaulting to "do not execute".  That would restore the state of things as of bug 33961.

Brendan, jst, sicking, what do you think?
No longer blocks: 369244
Depends on: 221428
Flags: blocking1.9?
I think "execute in a sandbox" is the way to go as long as we still execute them async and we're reasonably sure our sandboxes are good.
> and we're reasonably sure our sandboxes are good.

They're not great.  See bug 372075.  But we'll fix that.
Attached patch FixSplinter Review
I don't _quite_ want to change the comments to say that the default must be EXECUTE_IN_SANDBOX for all script channels... but I could be convinced.  jst, what do you think?
Attachment #260771 - Flags: superreview?(jst)
Attachment #260771 - Flags: review?(jst)
Assignee: general → bzbarsky
OS: Windows XP → All
Priority: -- → P2
Hardware: PC → All
Summary: Testcase from bug 33961 has regressed - javascript: pseudo url in stylesheet doesn't work → [FIX]Testcase from bug 33961 has regressed - javascript: pseudo url in stylesheet doesn't work
Target Milestone: --- → mozilla1.9alpha4
Comment on attachment 260771 [details] [diff] [review]
Fix

Fine with me. I don't feel strongly about the wording in the comment about the default.

r+sr=jst
Attachment #260771 - Flags: superreview?(jst)
Attachment #260771 - Flags: superreview+
Attachment #260771 - Flags: review?(jst)
Attachment #260771 - Flags: review+
Checked in, with the tests.
Status: NEW → RESOLVED
Closed: 15 years ago
Flags: blocking1.9? → in-testsuite+
Resolution: --- → FIXED
Though..  I guess those tests only pass if you also have the patch for bug 221428  applied, since otherwise we have no owner principal on the channel and hence the script does not run.

I guess we should reopen pending that.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Fixed, and tests marked as passing.
Status: REOPENED → RESOLVED
Closed: 15 years ago15 years ago
Resolution: --- → FIXED
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.