Closed
Bug 619800
Opened 14 years ago
Closed 14 years ago
Enable scriptability for nsIPrincipal methods
Categories
(Core :: Security, defect)
Tracking
()
VERIFIED
FIXED
People
(Reporter: asaf, Assigned: asaf)
References
Details
(Keywords: dev-doc-complete)
Attachments
(1 file)
4.79 KB,
patch
|
bzbarsky
:
review+
bzbarsky
:
superreview+
bzbarsky
:
approval2.0+
|
Details | Diff | Splinter Review |
Every once in a while I'm looking at the ever growing XXXmano list. Today I found this bit in urlSecurityCheck (see contentAreaUtils): 76 function urlSecurityCheck(aURL, aPrincipal, aFlags) ... 90 } catch (e) { 91 // XXXmano: dump the principal url here too 92 throw "Load of " + aURL + " denied."; 93 } But nsIPrincipal::URI is marked [noscript]. Any reason for that?
Assignee | ||
Comment 1•14 years ago
|
||
Oh, I just saw bug 327242 comment 3. I guess we could add a new property.
Comment 2•14 years ago
|
||
That comment predates bug 339822 being fixed. At this point there's no reason to not make URI scriptable on principals, imo.
Assignee | ||
Comment 3•14 years ago
|
||
Does this require anything other than removing the [noscript] bit in the interface? We should probably enable scriptability of few more nsIPrincipal methods and attributes while we are at it. For example, I cannot see a reason for subsumes not being scriptable.
Comment 4•14 years ago
|
||
> Does this require anything other than removing the [noscript] bit Nope. > For example, I cannot see a reason for subsumes not being scriptable. Agreed.
Assignee | ||
Updated•14 years ago
|
Assignee: nobody → mano
Summary: nsIPrincipal::URI should be scriptable → Enable scriptability for nsIPrincipal methods
Assignee | ||
Comment 5•14 years ago
|
||
Still not scriptable: * The capacity methods - mostly because it seems they need some polish. * securityPolicy - Could we provide an interface here? * domain - because it's settable * hashValue - seems useless for JS. * getJSPrincipals It would be nice to have this for 2.0, but it worries me that I cannot think of potential issues...
Attachment #498767 -
Flags: superreview?(bzbarsky)
Attachment #498767 -
Flags: review?(bzbarsky)
Comment 6•14 years ago
|
||
Comment on attachment 498767 [details] [diff] [review] Step |csp| is also settable. I don't think we should make it scriptable without some separate review from the csp folks. The rest looks fine to me. r=me with the above caveat.
Attachment #498767 -
Flags: superreview?(bzbarsky)
Attachment #498767 -
Flags: superreview+
Attachment #498767 -
Flags: review?(bzbarsky)
Attachment #498767 -
Flags: review+
Assignee | ||
Comment 7•14 years ago
|
||
Comment on attachment 498767 [details] [diff] [review] Step With bz's comment's fixed (that is, remove the last hunk of this patch), I'd like to get this for 2.0. Drivers: This doesn't affect c++ usage, nor it could have any affect on any current js usage of principals.
Attachment #498767 -
Flags: approval2.0?
Updated•14 years ago
|
Attachment #498767 -
Flags: approval2.0? → approval2.0+
Assignee | ||
Comment 8•14 years ago
|
||
Thanks Boris! http://hg.mozilla.org/mozilla-central/rev/1cb5ff9e32f6
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Assignee | ||
Updated•14 years ago
|
Keywords: dev-doc-needed
Comment 9•14 years ago
|
||
nsIPrincipal had not previously been documented; there is now a document, albeit incomplete, but this change is documented there. If anyone would like to fill out any of the details I don't know about nsIPrincipal, please do. Otherwise I'll be researching this and working on it as I can. https://developer.mozilla.org/en/XPCOM_Interface_Reference/nsIPrincipal This is also properly mentioned on Firefox 4 for developers.
Keywords: dev-doc-needed → dev-doc-complete
You need to log in
before you can comment on or make changes to this bug.
Description
•