Closed
Bug 38684
Opened 24 years ago
Closed 24 years ago
"security.checkxpconnect" pref is disabled
Categories
(Core :: Security: CAPS, defect, P3)
Tracking
()
VERIFIED
FIXED
People
(Reporter: rusty.lynch, Assigned: security-bugs)
Details
Attachments
(1 file)
800 bytes,
patch
|
Details | Diff | Splinter Review |
Making a pref entry for "security.checkxpconnect" to false will not allow xpconnect calls from JavaScript. The problem is that nsScriptSecurityManager::CheckXPCPermissions() will fail on it's prefs->GetBoolPref() call because mIsAccessingPrefs was never set to PR_TRUE. A patch for this follows...
Reporter | ||
Comment 1•24 years ago
|
||
Assignee | ||
Comment 2•24 years ago
|
||
Rusty, The ability to bypass the CheckXPConnect pref is going away before M16. It was put in (and marked temporary in the code) for convenience during development, but it's going to go away very soon. As an alternative, add the pref user_pref("signed.applets.codebase_principal_support", true); during development, and make sure your javascript code does a netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect"); You'll get a confirmation dialog the first time you run this, just click "remember this decision" and you won't see it again. In the release version, only signed scripts will have access to XPConnect. I'm closing this bug.
Status: NEW → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•