Bug 414749 - nsJSUtils::GetCallingLocation doesn't deal with null principals well
Status: RESOLVED FIXED
Whiteboard: fixed on branch by 411092
Keywords: verified1.8.1.13
Product: Core
Classification: Components
Component: DOM
Version: Trunk
Platform: x86 Linux
Importance: -- normal
Target Milestone: mozilla1.9beta4
Assigned To: Blake Kaplan (:mrbkap)
: Andrew Overholt [:overholt]
Mentors:
Depends on:
Blocks:
Reported: 2008-01-29 19:47 PST by Blake Kaplan (:mrbkap)
Modified: 2008-03-21 15:37 PDT
jst: blocking1.9+
dveditz: blocking1.8.1.13+


Attachments
Proposed fix (1.65 KB, patch)
2008-01-29 19:51 PST, Blake Kaplan (:mrbkap)
jst: review+
jst: superreview+
jst: approval1.9+

Description Blake Kaplan (:mrbkap) 2008-01-29 19:47:03 PST
In bug 411092, I added some code that assumed that all scripts have principals. In theory, that's nice, but in practice, event handlers (such as <body onload>) do not have principals. This was causing the test boxes to go orange. I checked in a null check to avoid the crash and the null check is correct for the common case, but I worry that it might not always be correct.
Comment 1 Blake Kaplan (:mrbkap) 2008-01-29 19:51:58 PST
Created attachment 300245
Proposed fix

This patch makes us use the callee object if there are no principals in the script. I think that we want to use the script principals over the callee because the filename will be privileged even if the callee has been cloned into an untrusted context.

jst, if you agree, could you approve this as well?
Comment 2 Johnny Stenback (:jst, jst@mozilla.com) 2008-02-11 15:40:25 PST
Blake, do you want me to land this one for you?
Comment 3 Johnny Stenback (:jst, jst@mozilla.com) 2008-02-12 20:03:47 PST
Fix checked in.
Comment 4 Daniel Veditz [:dveditz] 2008-03-06 18:37:42 PST
branch version of 411092 checked in.
Comment 5 Al Billings [:abillings] 2008-03-21 15:37:33 PDT
Verified in bug 411092.