Closed
Bug 602198
Opened 14 years ago
Closed 14 years ago
Reduce privilege of the Web Console Network Inspector
Categories
(DevTools :: General, defect)
DevTools
General
Tracking
(blocking2.0 betaN+)
RESOLVED
FIXED
Tracking | Status | |
---|---|---|
blocking2.0 | --- | betaN+ |
People
(Reporter: dangoor, Assigned: rcampbell)
References
Details
Attachments
(1 file, 3 obsolete files)
2.63 KB,
patch
|
rcampbell
:
review+
|
Details | Diff | Splinter Review |
Comments from dveditz during the security review of the Web Console: Inspect Network Request panel we do seem to encode/escape data use <browser type="content> to reduce privilege except chrome:// is still privileged switch to a resource: template maybe? or maybe a special about: page (unprivileged, of course) create from scratch into a data: or about:blank document? disable javascript and plugins on the docshell Additional input from gavin: we should use an iframe as we do with the inspector http://mxr.mozilla.org/mozilla-central/source/browser/base/content/inspector.js?force=1#467
Assignee | ||
Comment 1•14 years ago
|
||
that should be fairly easy to implement.
Assignee: nobody → rcampbell
Status: NEW → ASSIGNED
Updated•14 years ago
|
blocking2.0: --- → ?
OS: Mac OS X → All
Hardware: x86 → All
Version: unspecified → Trunk
Assignee | ||
Comment 2•14 years ago
|
||
converted <browser> to <iframe>, type: "content". Tests passed with no changes.
Attachment #482946 -
Flags: review?(dietrich)
Updated•14 years ago
|
blocking2.0: ? → betaN+
Assignee | ||
Comment 3•14 years ago
|
||
The Real Net Panel iframe Patch
Attachment #482946 -
Attachment is obsolete: true
Attachment #483500 -
Flags: review?(gavin.sharp)
Attachment #482946 -
Flags: review?(dietrich)
Comment 4•14 years ago
|
||
Comment on attachment 483500 [details] [diff] [review] Net Panel iframe (really) r=me, but might want to rename the property to "iframe" just for clarity, and change the two "browser" references in the comments for update().
Attachment #483500 -
Flags: review?(gavin.sharp) → review+
Assignee | ||
Comment 5•14 years ago
|
||
Sounds good. Thanks!
Assignee | ||
Comment 6•14 years ago
|
||
carrying review forward. Ready to checkin.
Attachment #483500 -
Attachment is obsolete: true
Attachment #483547 -
Flags: review+
Assignee | ||
Updated•14 years ago
|
Keywords: checkin-needed
Assignee | ||
Comment 7•14 years ago
|
||
missed a variable rename. Updated patch forthcoming.
Keywords: checkin-needed
Assignee | ||
Comment 8•14 years ago
|
||
Passed unittests
Attachment #483547 -
Attachment is obsolete: true
Attachment #483570 -
Flags: review+
Assignee | ||
Updated•14 years ago
|
Keywords: checkin-needed
Assignee | ||
Comment 9•14 years ago
|
||
Comment on attachment 483570 [details] [diff] [review] [checked-in] Net Panel iframe (post-review, really) http://hg.mozilla.org/mozilla-central/rev/0a8ccb9ecdce
Attachment #483570 -
Attachment description: Net Panel iframe (post-review, really) → [checked-in] Net Panel iframe (post-review, really)
Assignee | ||
Updated•14 years ago
|
Assignee | ||
Comment 10•14 years ago
|
||
reopening. I checked in the original, unupdated version of this patch. Will reland with correct bits tomorrow.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Assignee | ||
Updated•14 years ago
|
Attachment #483570 -
Attachment description: [checked-in] Net Panel iframe (post-review, really) → Net Panel iframe (post-review, really)
Assignee | ||
Comment 11•14 years ago
|
||
Comment on attachment 483570 [details] [diff] [review] [checked-in] Net Panel iframe (post-review, really) http://hg.mozilla.org/mozilla-central/rev/dfcca662079e
Attachment #483570 -
Attachment description: Net Panel iframe (post-review, really) → [checked-in] Net Panel iframe (post-review, really)
Assignee | ||
Updated•14 years ago
|
Status: REOPENED → RESOLVED
Closed: 14 years ago → 14 years ago
Resolution: --- → FIXED
Updated•6 years ago
|
Product: Firefox → DevTools
You need to log in
before you can comment on or make changes to this bug.
Description
•