XSLT creates documents which don't have script handling objects

RESOLVED FIXED

defect
P1
normal
11 years ago
3 months ago

People

(Reporter: smaug, Assigned: smaug)

Tracking

({fixed1.9.0.2, fixed1.9.1, verified1.8.1.17})

unspecified
x86
All
Points:
---
Bug Flags:
blocking1.9.1 +
blocking1.9.0.2 +
wanted1.9.0.x +
blocking1.8.1.17 +
wanted1.8.1.x +
blocking1.8.0.next +
in-testsuite -

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [sg:critical])

Attachments

(4 attachments, 1 obsolete attachment)

Assignee

Description

11 years ago
This may cause similar problems as bug 393761 and bug 393762.
Assignee

Comment 1

11 years ago
Posted patch WIP, not properly tested (obsolete) — Splinter Review
I'll test this some more once I have a reasonably well-working network connection.
Assignee

Comment 2

11 years ago
Comment on attachment 331749 [details] [diff] [review]
WIP, not properly tested

This isn't quite good enough. New scriptglobalobject is set for those XSLT processed documents which are going to a contentviewer.
Better patch coming...
Attachment #331749 - Attachment is obsolete: true
Assignee

Comment 3

11 years ago
Posted patch a bit better — Splinter Review
This lets one override scripthandlingobject - basically when
document is set to a contentviewer and to a globalwindow.
Assignee

Comment 4

11 years ago
Comment on attachment 331793 [details] [diff] [review]
a bit better

Should be enough for now.
Attachment #331793 - Flags: superreview?(jst)
Attachment #331793 - Flags: review?(jonas)
Assignee

Comment 5

11 years ago
I need to find some testcase for this.
...trying to modify moz_bug_r_a4@yahoo.com's testcases for XHR/DOMParser/.createDocument 
Flags: wanted1.8.1.x?
Flags: blocking1.9.1?
Flags: blocking1.9.0.2?
Assignee

Comment 6

11 years ago
Posted patch mochitest — Splinter Review
Flags: blocking1.9.1? → blocking1.9.1+
Priority: -- → P1
Johnny, can we get this reviewed? We probably want to block on it, depending on how safe the fix is...
Flags: wanted1.9.0.x+
Flags: wanted1.8.1.x?
Flags: wanted1.8.1.x+
Flags: blocking1.8.1.17?
"blocking" so we don't lose track, but if we can't patch all the holes this week might have to punt to the next update releases.
Flags: blocking1.9.0.2?
Flags: blocking1.9.0.2+
Flags: blocking1.8.1.17?
Flags: blocking1.8.1.17+
Whiteboard: [sg:critical]
Assignee

Comment 10

11 years ago
The patch applies cleanly to 1.9.0. Will upload 1.8 patch.
Assignee

Comment 11

11 years ago
Posted patch for 1.8 — Splinter Review
Attachment #335032 - Flags: superreview?(jonas)
Attachment #335032 - Flags: review?(jonas)
Attachment #331793 - Flags: superreview?(jst) → superreview+
Attachment #335032 - Flags: superreview?(jonas)
Attachment #335032 - Flags: superreview+
Attachment #335032 - Flags: review?(jonas)
Attachment #335032 - Flags: review+
Olli, do these patches address the new testcase in comment 8? I wasn't sure if that's an exploit found in your patch or just an additional testcase that does the same thing.

moz_bug_r_a4, care to comment?
Assignee

Comment 13

11 years ago
Yes, the patches do address both testcases.
Comment on attachment 335032 [details] [diff] [review]
for 1.8

Approved for 1.8.1.17 and 1.9.0.2, a=dveditz for release-drivers.
Attachment #335032 - Flags: approval1.9.0.2+
Attachment #335032 - Flags: approval1.8.1.17+
Assignee

Updated

11 years ago
Attachment #331793 - Flags: approval1.9.0.2?
Comment on attachment 331793 [details] [diff] [review]
a bit better

meant this patch for 1.9.0.x
Attachment #331793 - Flags: approval1.9.0.2? → approval1.9.0.2+
Attachment #335032 - Flags: approval1.9.0.2+
Assignee

Updated

11 years ago
Keywords: checkin-needed
Assignee

Updated

11 years ago
Status: NEW → RESOLVED
Closed: 11 years ago
Keywords: checkin-needed
Resolution: --- → FIXED
Assignee

Updated

11 years ago
Flags: in-testsuite?
Verified FIXED using the testcase in comment 8 against:

Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.16) Gecko/20080702 Firefox/2.0.0.16 -- where it reproduces, and against:

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.17) Gecko/20080829 Firefox/2.0.0.17, where it does NOT.

Replacing fixed1.8.1.17 keyword with verified1.8.1.17.

Comment 17

11 years ago
keywords had a typo: "verified1.8.1.7". fixing that.

Comment 18

11 years ago
a=asac for 1.8.1.15
Attachment #336281 - Flags: approval1.8.0.15+

Comment 19

11 years ago
sorry typo too :):

a=asac for 1.8.0.15
Group: core-security
is lack of scriptglobalobject guaranteed to give chrome privileges?

Updated

11 years ago
Flags: blocking1.8.0.next+
Assignee

Comment 21

7 years ago
Need to commit the mochitest.
Assignee

Comment 22

7 years ago
Ah, hmm, testcase would need quite some changes.
Flags: in-testsuite? → in-testsuite-
Component: DOM → DOM: Core & HTML