Closed Bug 451037 Opened 17 years ago Closed 17 years ago

document.loadBindingDocument() returns a document that does not have a script handling object

Categories

(Core :: Security, defect)

Product:
Core
Component:
Security
Version:
1.8 Branch
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
VERIFIED FIXED

People

(Reporter: moz_bug_r_a4, Assigned: smaug)

References

Details

(Keywords: fixed1.9.0.2, verified1.8.1.17, Whiteboard: [sg:critical])

Attachments

(4 files, 3 obsolete files)

simplest possible hack
1011 bytes, patch
Details | Diff | Splinter Review
for trunk
4.39 KB, patch
sicking
: review+
sicking
: superreview+
Details | Diff | Splinter Review
for 1.9.0
3.59 KB, patch
sicking
: review+
sicking
: superreview+
dveditz
: approval1.9.0.2+
Details | Diff | Splinter Review
for 1.8
3.65 KB, patch
sicking
: review+
sicking
: superreview+
dveditz
: approval1.8.1.17+
asac
: approval1.8.0.next+
Details | Diff | Splinter Review
This is similar to bug 448548. This is fx2-only. On fx2, document.loadBindingDocument() returns a document that does not have a script handling object. (On trunk and fx3.0.x, it does not return anything.)
I guess this is for me
Assignee: nobody → Olli.Pettay
Flags: wanted1.8.1.x+
Flags: blocking1.8.1.17?
Flags: blocking1.8.1.17? → blocking1.8.1.17+
Whiteboard: [sg:critical]
There are possibly ways to get this to work in FF3 as well. It's harder to get a reference to the binding document, but it might still be possible. I don't think we intentionally try to prevent it.
This is ugly, but the whole method is. Fortunately the API has changed on 1.9.
Perhaps for non-chrome (non-cached) xbl documents, the scripthandlingobject could be the same as what the bound document has.
(In reply to comment #3) > There are possibly ways to get this to work in FF3 as well. It's harder to get > a reference to the binding document, but it might still be possible. I don't > think we intentionally try to prevent it. Perhaps disabling event handling on all loaded xbl documents would make sense.
Either of comment 5 or comment 6 makes sense to me. 6 might be a good idea for other reasons, as I doubt we expects events to happen in there.
I like comment 6 to.
Attached patch for 1.8 (obsolete) — Splinter Review
Attached patch for trunk (obsolete) — Splinter Review
Attached patch for 1.9.0 (obsolete) — Splinter Review
I'm not sure if DisableEventHandling is the right name for the method, since it doesn't prevent running those deprecated event type specific listeners (nsIFocusListener etc.). Such listeners can be implemented only in C++.
Attached patch for trunkSplinter Review
Attachment #334558 - Attachment is obsolete: true
Attachment #335026 - Flags: superreview?(jonas)
Attachment #335026 - Flags: review?(jonas)
Attached patch for 1.9.0Splinter Review
Attachment #334561 - Attachment is obsolete: true
Attachment #335027 - Flags: superreview?(jonas)
Attachment #335027 - Flags: review?(jonas)
Attached patch for 1.8Splinter Review
Attachment #334556 - Attachment is obsolete: true
Attachment #335028 - Flags: superreview?(jonas)
Attachment #335028 - Flags: review?(jonas)
Attachment #335026 - Flags: superreview?(jonas)
Attachment #335026 - Flags: superreview+
Attachment #335026 - Flags: review?(jonas)
Attachment #335026 - Flags: review+
Attachment #335027 - Flags: superreview?(jonas)
Attachment #335027 - Flags: superreview+
Attachment #335027 - Flags: review?(jonas)
Attachment #335027 - Flags: review+
Attachment #335028 - Flags: superreview?(jonas)
Attachment #335028 - Flags: superreview+
Attachment #335028 - Flags: review?(jonas)
Attachment #335028 - Flags: review+
Comment on attachment 335027 [details] [diff] [review] for 1.9.0 Approved for 1.9.0.2, a=dveditz for release-drivers.
Attachment #335027 - Flags: approval1.9.0.2+
Comment on attachment 335028 [details] [diff] [review] for 1.8 Approved for 1.8.1.17, a=dveditz for release-drivers.
Attachment #335028 - Flags: approval1.8.1.17+
Status: NEW → RESOLVED
Closed: 17 years ago
Keywords: checkin-needed
Resolution: --- → FIXED
Verified FIXED; I can reproduce using Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.16) Gecko/20080702 Firefox/2.0.0.16, but not Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.17) Gecko/20080829 Firefox/2.0.0.17, with the testcase in comment 1. Replacing fixed1.8.1.17 with verified1.8.1.17.
Status: RESOLVED → VERIFIED
Keywords: fixed1.8.1.17verified1.8.1.17
Flags: blocking1.8.0.15+
Attachment #335028 - Flags: approval1.8.0.15+
Comment on attachment 335028 [details] [diff] [review] for 1.8 a=asac for 1.8.0.15
Group: core-security
Depends on: 461772
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: