Closed Bug 488446 Opened 15 years ago Closed 15 years ago

Disallow localStorage data manipulation in PB and session-only mode, follow up to bug 486654

Categories

(Core :: DOM: Core & HTML, defect)

Product:
Core
Component:
DOM: Core & HTML
Version:
1.9.1 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WONTFIX

People

(Reporter: mayhemer, Assigned: mayhemer)

References

Details

Attachments

(1 file)

wip 1
5.22 KB, patch
Details | Diff | Splinter Review 
(In reply to bug 486654 comment #18)
> (In reply to bug 486654 comment #15)
> > What I suggest now after I completely went through the Brady's thread is to
> > throw a DOM_SECURITY_ERROR when accessing window.localStorage object while in
> > either private-browsing-mode or session-only-cookies-mode. The letter is
> > already implemented.
> 
> A brain-dead way to break this would be:
> 
> var storage = window.localStorage;
> // use |storage| from this point forward
> 
> Any web page which does that will not be affected by the user changing their
> cookie settings, unless it's reloaded.

Based on these comments make sure to throw the same security error when accessing dom storage data (getItem, setItem) while in either private-browsing-mode or session-only-cookies-mode.

This is just a followup to have a complete 20/80 solution before we fix bug 487695.

Should be b191+ if we don't get fix bug 487695.
Flags: blocking1.9.1?
Attached patch wip 1Splinter Review 
mSessionOnly member of nsDOMStorage is set when cookies are in session-only
mode OR we are PB mode. I added this condition to nsDOMStorage::CanUseStorage.
Then, when checking access to localStorage (only localStorage) with setItem or
getItem we throw a security error when being session only (addresses this bug).

Confirmed by a test.
Attachment #373138 - Flags: review?(dveditz)
Comment on attachment 373138 [details] [diff] [review]
wip 1

Sorry to rise r? so late...
(In reply to comment #0)
> Should be b191+ if we don't get fix bug 487695.

Bug 487695 is blocking, so this one isn't per this logic!
Flags: blocking1.9.1? → blocking1.9.1-
Attachment #373138 - Flags: review?(dveditz)
Comment on attachment 373138 [details] [diff] [review]
wip 1

We have a correct patch for this issue in bug 487695. No need to review this.
So this bug is WONTFIX?
After bug 487695 gets fixed, we probably can. This was intended as a quick workaround.
Bug 487695 has just landed.
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → WONTFIX
Component: DOM: Mozilla Extensions → DOM
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: