Closed Bug 451037 Opened 12 years ago Closed 12 years ago

document.loadBindingDocument() returns a document that does not have a script handling object

Categories

(Core :: Security, defect)

1.8 Branch
x86
Windows XP
defect
Not set
normal

Tracking

()

VERIFIED FIXED

People

(Reporter: moz_bug_r_a4, Assigned: smaug)

References

Details

(Keywords: fixed1.9.0.2, verified1.8.1.17, Whiteboard: [sg:critical])

Attachments

(4 files, 3 obsolete files)

This is similar to bug 448548.

This is fx2-only.  On fx2, document.loadBindingDocument() returns a document
that does not have a script handling object.  (On trunk and fx3.0.x, it does
not return anything.)
I guess this is for me
Assignee: nobody → Olli.Pettay
Flags: wanted1.8.1.x+
Flags: blocking1.8.1.17?
Flags: blocking1.8.1.17? → blocking1.8.1.17+
Whiteboard: [sg:critical]
There are possibly ways to get this to work in FF3 as well. It's harder to get a reference to the binding document, but it might still be possible. I don't think we intentionally try to prevent it.
This is ugly, but the whole method is.
Fortunately the API has changed on 1.9.
Perhaps for non-chrome (non-cached) xbl documents, the scripthandlingobject could be the same as what the bound document has.
(In reply to comment #3)
> There are possibly ways to get this to work in FF3 as well. It's harder to get
> a reference to the binding document, but it might still be possible. I don't
> think we intentionally try to prevent it.
Perhaps disabling event handling on all loaded xbl documents would make sense.
Either of comment 5 or comment 6 makes sense to me. 6 might be a good idea for other reasons, as I doubt we expects events to happen in there.
I like comment 6 to.
Attached patch for 1.8 (obsolete) — Splinter Review
Attached patch for trunk (obsolete) — Splinter Review
Attached patch for 1.9.0 (obsolete) — Splinter Review
I'm not sure if DisableEventHandling is the right name for the method, since
it doesn't prevent running those deprecated event type specific listeners
(nsIFocusListener etc.). Such listeners can be implemented only in C++.
Attached patch for trunkSplinter Review
Attachment #334558 - Attachment is obsolete: true
Attachment #335026 - Flags: superreview?(jonas)
Attachment #335026 - Flags: review?(jonas)
Attached patch for 1.9.0Splinter Review
Attachment #334561 - Attachment is obsolete: true
Attachment #335027 - Flags: superreview?(jonas)
Attachment #335027 - Flags: review?(jonas)
Attached patch for 1.8Splinter Review
Attachment #334556 - Attachment is obsolete: true
Attachment #335028 - Flags: superreview?(jonas)
Attachment #335028 - Flags: review?(jonas)
Attachment #335026 - Flags: superreview?(jonas)
Attachment #335026 - Flags: superreview+
Attachment #335026 - Flags: review?(jonas)
Attachment #335026 - Flags: review+
Attachment #335027 - Flags: superreview?(jonas)
Attachment #335027 - Flags: superreview+
Attachment #335027 - Flags: review?(jonas)
Attachment #335027 - Flags: review+
Attachment #335028 - Flags: superreview?(jonas)
Attachment #335028 - Flags: superreview+
Attachment #335028 - Flags: review?(jonas)
Attachment #335028 - Flags: review+
Comment on attachment 335027 [details] [diff] [review]
for 1.9.0

Approved for 1.9.0.2, a=dveditz for release-drivers.
Attachment #335027 - Flags: approval1.9.0.2+
Comment on attachment 335028 [details] [diff] [review]
for 1.8

Approved for 1.8.1.17, a=dveditz for release-drivers.
Attachment #335028 - Flags: approval1.8.1.17+
Keywords: checkin-needed
Status: NEW → RESOLVED
Closed: 12 years ago
Keywords: checkin-needed
Resolution: --- → FIXED
Verified FIXED; I can reproduce using Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.16) Gecko/20080702 Firefox/2.0.0.16, but not Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.17) Gecko/20080829 Firefox/2.0.0.17, with the testcase in comment 1.

Replacing fixed1.8.1.17 with verified1.8.1.17.
Status: RESOLVED → VERIFIED
Flags: blocking1.8.0.15+
Attachment #335028 - Flags: approval1.8.0.15+
Comment on attachment 335028 [details] [diff] [review]
for 1.8

a=asac for 1.8.0.15
Group: core-security
Depends on: 461772
You need to log in before you can comment on or make changes to this bug.