Closed
Bug 619800
Opened 15 years ago
Closed 15 years ago
Enable scriptability for nsIPrincipal methods
Categories
(Core :: Security, defect)
Tracking
()
VERIFIED
FIXED
People
(Reporter: asaf, Assigned: asaf)
References
Details
(Keywords: dev-doc-complete)
Attachments
(1 file)
|
4.79 KB,
patch
|
bzbarsky
:
review+
bzbarsky
:
superreview+
bzbarsky
:
approval2.0+
|
Details | Diff | Splinter Review |
Every once in a while I'm looking at the ever growing XXXmano list. Today I found this bit in urlSecurityCheck (see contentAreaUtils):
76 function urlSecurityCheck(aURL, aPrincipal, aFlags)
...
90 } catch (e) {
91 // XXXmano: dump the principal url here too
92 throw "Load of " + aURL + " denied.";
93 }
But nsIPrincipal::URI is marked [noscript]. Any reason for that?
|
Assignee | |
Comment 1•15 years ago
|
||
Oh, I just saw bug 327242 comment 3. I guess we could add a new property.
|
||
Comment 2•15 years ago
|
||
That comment predates bug 339822 being fixed. At this point there's no reason to not make URI scriptable on principals, imo.
|
|
Assignee | |
Comment 3•15 years ago
|
||
Does this require anything other than removing the [noscript] bit in the interface? We should probably enable scriptability of few more nsIPrincipal methods and attributes while we are at it. For example, I cannot see a reason for subsumes not being scriptable.
|
|
||
Comment 4•15 years ago
|
||
> Does this require anything other than removing the [noscript] bit
Nope.
> For example, I cannot see a reason for subsumes not being scriptable.
Agreed.
|
|
Assignee | |
Updated•15 years ago
|
Assignee: nobody → mano
Summary: nsIPrincipal::URI should be scriptable → Enable scriptability for nsIPrincipal methods
|
|
Assignee | |
Comment 5•15 years ago
|
||
Still not scriptable:
* The capacity methods - mostly because it seems they need some polish.
* securityPolicy - Could we provide an interface here?
* domain - because it's settable
* hashValue - seems useless for JS.
* getJSPrincipals
It would be nice to have this for 2.0, but it worries me that I cannot think of potential issues...
Attachment #498767 -
Flags: superreview?(bzbarsky)
Attachment #498767 -
Flags: review?(bzbarsky)
|
|
||
Comment 6•15 years ago
|
||
Comment on attachment 498767 [details] [diff] [review]
Step
|csp| is also settable. I don't think we should make it scriptable without some separate review from the csp folks.
The rest looks fine to me.
r=me with the above caveat.
Attachment #498767 -
Flags: superreview?(bzbarsky)
Attachment #498767 -
Flags: superreview+
Attachment #498767 -
Flags: review?(bzbarsky)
Attachment #498767 -
Flags: review+
|
|
Assignee | |
Comment 7•15 years ago
|
||
Comment on attachment 498767 [details] [diff] [review]
Step
With bz's comment's fixed (that is, remove the last hunk of this patch), I'd like to get this for 2.0. Drivers: This doesn't affect c++ usage, nor it could have any affect on any current js usage of principals.
Attachment #498767 -
Flags: approval2.0?
|
|
||
Updated•15 years ago
|
Attachment #498767 -
Flags: approval2.0? → approval2.0+
|
|
Assignee | |
Comment 8•15 years ago
|
||
Thanks Boris!
http://hg.mozilla.org/mozilla-central/rev/1cb5ff9e32f6
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
|
|
Assignee | |
Updated•15 years ago
|
Keywords: dev-doc-needed
|
||
Comment 9•15 years ago
|
||
nsIPrincipal had not previously been documented; there is now a document, albeit incomplete, but this change is documented there. If anyone would like to fill out any of the details I don't know about nsIPrincipal, please do. Otherwise I'll be researching this and working on it as I can.
https://developer.mozilla.org/en/XPCOM_Interface_Reference/nsIPrincipal
This is also properly mentioned on Firefox 4 for developers.
Keywords: dev-doc-needed → dev-doc-complete
You need to log in
before you can comment on or make changes to this bug.
Description
•