Closed Bug 428225 Opened 16 years ago Closed 16 years ago

nsSplitterFrameInner::UpdateState is unsafe

Categories

(Core :: Layout, defect)

defect
Not set
normal

Tracking

()

RESOLVED FIXED

People

(Reporter: sicking, Unassigned)

References

Details

It is called during reflow but calls SetAttr with aNotify set to true which can run script.

Don't know if the correct fix is to set the attributes off on a runnable (posted to nsContentUtils::AddScriptRunner) or to let aNotify be false. I suspect the former.
Or to do it off a post-reflow callback, possibly.
Yes, reflowcallback has been the usual way to fix these problems in xul layout/.
Fixed by patch in bug 423355
Status: NEW → RESOLVED
Closed: 16 years ago
Depends on: 423355
Resolution: --- → FIXED
Group: core-security
You need to log in before you can comment on or make changes to this bug.