Closed Bug 414749 Opened 18 years ago Closed 17 years ago

nsJSUtils::GetCallingLocation doesn't deal with null principals well

Tracking

()

Status:

RESOLVED FIXED

Milestone:

mozilla1.9beta4

People

(Reporter: mrbkap, Assigned: mrbkap)

Details

(Keywords: verified1.8.1.13, Whiteboard: fixed on branch by 411092)

Attachments

(1 file)

Proposed fix 18 years ago Blake Kaplan (:mrbkap) (inactive) 1.65 KB, patch	jst : review+ jst : superreview+ jst : approval1.9+	Details \| Diff \| Splinter Review

Blake Kaplan (:mrbkap) (inactive)

Assignee

Description

•

18 years ago

In bug 411092, I added some code that assumed that all scripts have principals. In theory, that's nice, but in practice, event handlers (such as <body onload>) do not have principals. This was causing the test boxes to go orange. I checked in a null check to avoid the crash and the null check is correct for the common case, but I worry that it might not always be correct.

Reed Loden [:reed]

Updated

•

18 years ago

Version: unspecified → Trunk

Blake Kaplan (:mrbkap) (inactive)

Assignee

Comment 1

•

18 years ago

Attached patch Proposed fix — Details — Splinter Review

This patch makes us use the callee object if there are no principals in the script. I think that we want to use the script principals over the callee because the filename will be privileged even if the callee has been cloned into an untrusted context. jst, if you agree, could you approve this as well?

Assignee: nobody → mrbkap

Status: NEW → ASSIGNED

Attachment #300245 - Flags: superreview?(jst)

Attachment #300245 - Flags: review?(jst)

Johnny Stenback (:jst)

Updated

•

18 years ago

Attachment #300245 - Flags: superreview?(jst)

Attachment #300245 - Flags: superreview+

Attachment #300245 - Flags: review?(jst)

Attachment #300245 - Flags: review+

Blake Kaplan (:mrbkap) (inactive)

Assignee

Updated

•

18 years ago

Attachment #300245 - Flags: approval1.9?

Johnny Stenback (:jst)

Updated

•

18 years ago

Attachment #300245 - Flags: approval1.9? → approval1.9+

Johnny Stenback (:jst)

Updated

•

18 years ago

Flags: blocking1.9+

Target Milestone: --- → mozilla1.9beta4

Johnny Stenback (:jst)

Comment 2

•

17 years ago

Blake, do you want me to land this one for you?

Johnny Stenback (:jst)

Comment 3

•

17 years ago

Fix checked in.

Status: ASSIGNED → RESOLVED

Closed: 17 years ago

Resolution: --- → FIXED

Daniel Veditz [:dveditz]

Updated

•

17 years ago

Flags: blocking1.8.1.13+

Daniel Veditz [:dveditz]

Updated

•

17 years ago

Whiteboard: fixed on branch by 411092

Daniel Veditz [:dveditz]

Comment 4

•

17 years ago

branch version of 411092 checked in.

Keywords: fixed1.8.1.13

Al Billings [:abillings - ex-MoCo]

Comment 5

•

17 years ago

Verified in bug 411092.

Keywords: fixed1.8.1.13 → verified1.8.1.13

Nobody; OK to take it and work on it

Updated

•

6 years ago

Component: DOM → DOM: Core & HTML

You need to log in before you can comment on or make changes to this bug.

Bugzilla

nsJSUtils::GetCallingLocation doesn't deal with null principals well

Categories

(Core :: DOM: Core & HTML, defect)

Tracking

()

People

(Reporter: mrbkap, Assigned: mrbkap)

References

Details

(Keywords: verified1.8.1.13, Whiteboard: fixed on branch by 411092)

Crash Data

Security

(public)

User Story

Attachments

(1 file)

Description

Updated

Comment 1

Updated

Updated

Updated

Updated

Comment 2

Comment 3

Updated

Updated

Comment 4

Comment 5

Updated

Attachment

General

Description

File Name

Content Type