Closed
Bug 396851
Opened 17 years ago
Closed 16 years ago
XOW does system principal check when it should do IsCapabilityEnabled("UniversalXPConnect") check
Categories
(Core :: XPConnect, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: bzbarsky, Assigned: mrbkap)
References
(Blocks 1 open bug)
Details
(Keywords: fixed1.9.0.12, fixed1.9.1)
Attachments
(1 file, 2 obsolete files)
|
8.82 KB,
patch
|
bzbarsky
:
review+
bzbarsky
:
superreview+
|
Details | Diff | Splinter Review |
See bug 367911 comment 36 last paragraph.
Flags: blocking1.9?
|
Assignee | |
Comment 1•17 years ago
|
||
Assignee: nobody → mrbkap
Status: NEW → ASSIGNED
Attachment #281614 -
Flags: superreview?(bzbarsky)
Attachment #281614 -
Flags: review?(bzbarsky)
|
Reporter | |
Comment 2•17 years ago
|
||
Comment on attachment 281614 [details] [diff] [review] Easy fix r+sr=bzbarsky, but technically I'm not an xpconnect peer. Then again, the owner/peer list seems to be kinda out of date, esp. for this code... and this is a no-brainer.
Attachment #281614 -
Flags: superreview?(bzbarsky)
Attachment #281614 -
Flags: superreview+
Attachment #281614 -
Flags: review?(bzbarsky)
Attachment #281614 -
Flags: review+
Just worried about performance here. Not a blocker, but we'll take the patch.
Flags: blocking1.9? → blocking1.9-
Attachment #281614 -
Flags: approval1.9+
|
|
Assignee | |
Comment 4•17 years ago
|
||
Comment on attachment 281614 [details] [diff] [review] Easy fix This turned out not even to compile. It turns out to do this correctly, we'd have to compute the subject principal twice, and we don't want to do that.
Attachment #281614 -
Attachment is obsolete: true
Attachment #281614 -
Flags: superreview+
Attachment #281614 -
Flags: review-
Attachment #281614 -
Flags: review+
Attachment #281614 -
Flags: approval1.9+
|
|
Reporter | |
Comment 5•17 years ago
|
||
Perhaps we need a "same origin or has capability X" API on nsIScriptSecurityManager?
|
|
Assignee | |
Comment 6•17 years ago
|
||
I was going to add a less generic api looking something like:
[noscript] void allowPropertyAccess(in JSContextPtr aJSContext,
in JSObjectPtr aJSObject,
in string aClassName,
in nsIPrincipal aSubjectPrincipal,
in nsIPrincipal aObjectPrincipal,
in string aPropName,
in PRUint32 aAction,
out boolean isCrossOrigin);
which deals with whether the given property is allAccess, noAccess, etc. If the caller doesn't have the object principal or subject principal, the function would compute them. It might be too XOW specific, though.
Actually, the worry here is that fixing this would make us slower. Blake, is there any way a fix here could improve performance?
|
|
Assignee | |
Comment 9•17 years ago
|
||
This bug in itself shouldn't affect perf. My proposed solution should allow us to fix this without slowing down. The worry was that without that function we'd need to walk the JS stack twice looking for the subject principal.
Ok, still saying this isn't a blocker then.
Flags: blocking1.9? → blocking1.9-
|
||
Comment 11•17 years ago
|
||
(In reply to comment #6) [...] > caller doesn't have the object principal or subject principal, the function > would compute them. It might be too XOW specific, though. I don't think we care too much at this point if a caps API is too specific for any one purpose. Caps is going to get way overhauled in moz2, so whatever we need right now to make XOWs more useful and easier to work with is IMO ok to do.
|
|
Assignee | |
Comment 12•16 years ago
|
||
Attachment #342975 -
Flags: superreview?(bzbarsky)
Attachment #342975 -
Flags: review?(bzbarsky)
|
|
Reporter | |
Comment 13•16 years ago
|
||
Comment on attachment 342975 [details] [diff] [review] Fix s/chrome code/UniversalXPConnect code/ and r+sr=bzbarsky. But for the love of all that is holy, please put unified = 8 in the [diff] section of ~/.hgrc if you're going to post mq patches!
Attachment #342975 -
Flags: superreview?(bzbarsky)
Attachment #342975 -
Flags: superreview+
Attachment #342975 -
Flags: review?(bzbarsky)
Attachment #342975 -
Flags: review+
|
|
Assignee | |
Comment 14•16 years ago
|
||
I realized that I forgot to add a mochitest, so here it is.
Attachment #342975 -
Attachment is obsolete: true
Attachment #343673 -
Flags: superreview?(bzbarsky)
Attachment #343673 -
Flags: review?(bzbarsky)
|
|
Reporter | |
Comment 15•16 years ago
|
||
Comment on attachment 343673 [details] [diff] [review] With mochitest Excellent
Attachment #343673 -
Flags: superreview?(bzbarsky)
Attachment #343673 -
Flags: superreview+
Attachment #343673 -
Flags: review?(bzbarsky)
Attachment #343673 -
Flags: review+
|
|
Assignee | |
Comment 16•16 years ago
|
||
http://hg.mozilla.org/mozilla-central/rev/3b0909b12aa5
Status: ASSIGNED → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
|
|
Reporter | |
Comment 17•15 years ago
|
||
Ugh. The branch version changed nsIScriptSecurityManager on 1.9.1.... This causes people issues; see the "using 3.0 plugins with 3.5" thread in m.d.t.xpcom starting today.
|
|
Assignee | |
Comment 18•15 years ago
|
||
This is needed for bug 460882 on the 1.9.0 branch.
Blocks: 460882
Flags: blocking1.9.0.12?
|
||
Updated•15 years ago
|
Flags: blocking1.9.0.12? → blocking1.9.0.12+
|
|
Assignee | |
Updated•15 years ago
|
Keywords: fixed1.9.0.12
|
|
||
Updated•15 years ago
|
Keywords: fixed1.9.1
You need to log in
before you can comment on or make changes to this bug.
Description
•