CSPUtils incorrectly compares two CSPSourceLists - *.equals('none') returns true

RESOLVED FIXED in mozilla16

Status

()

defect
RESOLVED FIXED
9 years ago
7 years ago

People

(Reporter: bsterne, Assigned: geekboy)

Tracking

(Blocks 1 bug)

Trunk
mozilla16
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment, 1 obsolete attachment)

CSPSourceList.prototype.equals compares two source lists by doing two checks:
1. their length is equal
2. each of the items in the sorted list of sources is equal

This causes * and 'none' to be considered equal because they both have an empty internal source list.

Fixing this bug is trivial.  It is, however, hiding a bug in content/base/test/unit/test_bug558431.js.  Only that test has the bug, NOT the feature it's testing, so we don't need to worry about fixing this for Firefox 4.  I'll file a follow-up bug to fix that test.
Posted patch fix (obsolete) — Splinter Review
Blocks: CSP
Assignee: brandon → sstamm
Posted patch fixSplinter Review
unbitrotted trivial fix and added test cases.  jst: this is literally a three line fix (two that matter), touching only CSPUtils.jsm.  Can you take a quick look?
Attachment #512965 - Attachment is obsolete: true
Attachment #628889 - Flags: review?(jst)
Attachment #628889 - Flags: review?(jst) → review+
Pushed to inbound.
https://hg.mozilla.org/integration/mozilla-inbound/rev/829e55e4ff61
Status: NEW → ASSIGNED
Target Milestone: --- → mozilla15
Target Milestone: mozilla15 → mozilla16
https://hg.mozilla.org/mozilla-central/rev/829e55e4ff61
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.