Closed
Bug 555406
Opened 14 years ago
Closed 14 years ago
font face loader doesn't checkLoadURI the INHERIT_PRINCIPAL loads
Categories
(Core :: Layout: Text and Fonts, defect, P1)
Tracking
()
RESOLVED
FIXED
Tracking | Status | |
---|---|---|
blocking2.0 | --- | final+ |
People
(Reporter: bzbarsky, Assigned: jtd)
Details
(Whiteboard: [sg:moderate])
Attachments
(1 file)
1.16 KB,
patch
|
bzbarsky
:
review+
|
Details | Diff | Splinter Review |
I thought CheckLoadAllowed did it, but apparently I was wrong. We need a checkLoadURI check here. In the other branch, the cross-site proxy handles it for us.
Whiteboard: [sg:moderate]
Assignee | ||
Updated•14 years ago
|
Assignee: nobody → jdaggett
blocking2.0: --- → ?
Assignee | ||
Comment 1•14 years ago
|
||
Modeled this on the code in Loader::CheckLoadAllowed, I'm assuming ALLOW_CHROME doesn't make sense here. This will apply to both data and standard URL's.
Attachment #441416 -
Flags: review?(bzbarsky)
Reporter | ||
Comment 2•14 years ago
|
||
Comment on attachment 441416 [details] [diff] [review] patch, v.0.1, checkLoadURI in nsFontFaceLoader::CheckLoadAllowed Looks good.
Attachment #441416 -
Flags: review?(bzbarsky) → review+
Assignee | ||
Comment 3•14 years ago
|
||
Pushed to trunk: http://hg.mozilla.org/mozilla-central/rev/3e96939590ac
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
blocking2.0: ? → final+
Priority: -- → P1
Updated•9 years ago
|
Group: core-security → core-security-release
Updated•9 years ago
|
Group: core-security-release
You need to log in
before you can comment on or make changes to this bug.
Description
•