The default bug view has changed. See this FAQ.

CSPUtils incorrectly compares two CSPSourceLists - *.equals('none') returns true

RESOLVED FIXED in mozilla16

Status

()

Core
DOM: Core & HTML
RESOLVED FIXED
6 years ago
5 years ago

People

(Reporter: bsterne, Assigned: geekboy)

Tracking

(Blocks: 1 bug)

Trunk
mozilla16
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment, 1 obsolete attachment)

(Reporter)

Description

6 years ago
CSPSourceList.prototype.equals compares two source lists by doing two checks:
1. their length is equal
2. each of the items in the sorted list of sources is equal

This causes * and 'none' to be considered equal because they both have an empty internal source list.

Fixing this bug is trivial.  It is, however, hiding a bug in content/base/test/unit/test_bug558431.js.  Only that test has the bug, NOT the feature it's testing, so we don't need to worry about fixing this for Firefox 4.  I'll file a follow-up bug to fix that test.
(Reporter)

Comment 1

6 years ago
Created attachment 512965 [details] [diff] [review]
fix
(Reporter)

Updated

6 years ago
Blocks: 493857
(Assignee)

Updated

5 years ago
Assignee: brandon → sstamm
(Assignee)

Comment 2

5 years ago
Created attachment 628889 [details] [diff] [review]
fix

unbitrotted trivial fix and added test cases.  jst: this is literally a three line fix (two that matter), touching only CSPUtils.jsm.  Can you take a quick look?
Attachment #512965 - Attachment is obsolete: true
Attachment #628889 - Flags: review?(jst)

Updated

5 years ago
Attachment #628889 - Flags: review?(jst) → review+
(Assignee)

Comment 3

5 years ago
Pushed to inbound.
https://hg.mozilla.org/integration/mozilla-inbound/rev/829e55e4ff61
Status: NEW → ASSIGNED
Target Milestone: --- → mozilla15
Target Milestone: mozilla15 → mozilla16
https://hg.mozilla.org/mozilla-central/rev/829e55e4ff61
Status: ASSIGNED → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.