Closed
Bug 602198
Opened 14 years ago
Closed 14 years ago
Reduce privilege of the Web Console Network Inspector
Categories
(DevTools :: General, defect)
DevTools
General
Tracking
(blocking2.0 betaN+)
RESOLVED
FIXED
| Tracking | Status | |
|---|---|---|
| blocking2.0 | --- | betaN+ |
People
(Reporter: dangoor, Assigned: rcampbell)
References
Details
Attachments
(1 file, 3 obsolete files)
|
2.63 KB,
patch
|
rcampbell
:
review+
|
Details | Diff | Splinter Review |
Comments from dveditz during the security review of the Web Console:
Inspect Network Request panel
we do seem to encode/escape data
use <browser type="content> to reduce privilege
except chrome:// is still privileged
switch to a resource: template maybe?
or maybe a special about: page (unprivileged, of course)
create from scratch into a data: or about:blank document?
disable javascript and plugins on the docshell
Additional input from gavin:
we should use an iframe as we do with the inspector
http://mxr.mozilla.org/mozilla-central/source/browser/base/content/inspector.js?force=1#467
|
Assignee | |
Comment 1•14 years ago
|
||
that should be fairly easy to implement.
Assignee: nobody → rcampbell
Status: NEW → ASSIGNED
|
||
Updated•14 years ago
|
blocking2.0: --- → ?
OS: Mac OS X → All
Hardware: x86 → All
Version: unspecified → Trunk
|
|
Assignee | |
Comment 2•14 years ago
|
||
converted <browser> to <iframe>, type: "content". Tests passed with no changes.
Attachment #482946 -
Flags: review?(dietrich)
|
||
Updated•14 years ago
|
blocking2.0: ? → betaN+
|
|
Assignee | |
Comment 3•14 years ago
|
||
The Real Net Panel iframe Patch
Attachment #482946 -
Attachment is obsolete: true
Attachment #483500 -
Flags: review?(gavin.sharp)
Attachment #482946 -
Flags: review?(dietrich)
|
||
Comment 4•14 years ago
|
||
Comment on attachment 483500 [details] [diff] [review] Net Panel iframe (really) r=me, but might want to rename the property to "iframe" just for clarity, and change the two "browser" references in the comments for update().
Attachment #483500 -
Flags: review?(gavin.sharp) → review+
|
|
Assignee | |
Comment 5•14 years ago
|
||
Sounds good. Thanks!
|
|
Assignee | |
Comment 6•14 years ago
|
||
carrying review forward. Ready to checkin.
Attachment #483500 -
Attachment is obsolete: true
Attachment #483547 -
Flags: review+
|
|
Assignee | |
Updated•14 years ago
|
Keywords: checkin-needed
|
|
Assignee | |
Comment 7•14 years ago
|
||
missed a variable rename. Updated patch forthcoming.
Keywords: checkin-needed
|
|
Assignee | |
Comment 8•14 years ago
|
||
Passed unittests
Attachment #483547 -
Attachment is obsolete: true
Attachment #483570 -
Flags: review+
|
|
Assignee | |
Updated•14 years ago
|
Keywords: checkin-needed
|
|
Assignee | |
Comment 9•14 years ago
|
||
Comment on attachment 483570 [details] [diff] [review] [checked-in] Net Panel iframe (post-review, really) http://hg.mozilla.org/mozilla-central/rev/0a8ccb9ecdce
Attachment #483570 -
Attachment description: Net Panel iframe (post-review, really) → [checked-in] Net Panel iframe (post-review, really)
|
|
Assignee | |
Updated•14 years ago
|
|
|
Assignee | |
Comment 10•14 years ago
|
||
reopening. I checked in the original, unupdated version of this patch. Will reland with correct bits tomorrow.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
|
|
Assignee | |
Updated•14 years ago
|
Attachment #483570 -
Attachment description: [checked-in] Net Panel iframe (post-review, really) → Net Panel iframe (post-review, really)
|
|
Assignee | |
Comment 11•14 years ago
|
||
Comment on attachment 483570 [details] [diff] [review] [checked-in] Net Panel iframe (post-review, really) http://hg.mozilla.org/mozilla-central/rev/dfcca662079e
Attachment #483570 -
Attachment description: Net Panel iframe (post-review, really) → [checked-in] Net Panel iframe (post-review, really)
|
|
Assignee | |
Updated•14 years ago
|
Status: REOPENED → RESOLVED
Closed: 14 years ago → 14 years ago
Resolution: --- → FIXED
|
||
Updated•6 years ago
|
Product: Firefox → DevTools
You need to log in
before you can comment on or make changes to this bug.
Description
•