Last Comment Bug 634773 - CSPUtils incorrectly compares two CSPSourceLists - *.equals('none') returns true
: CSPUtils incorrectly compares two CSPSourceLists - *.equals('none') returns true
Product: Core
Classification: Components
Component: DOM: Core & HTML (show other bugs)
: Trunk
: All All
-- normal (vote)
: mozilla16
Assigned To: Sid Stamm [:geekboy or :sstamm]
: Andrew Overholt [:overholt]
Depends on:
Blocks: CSP
  Show dependency treegraph
Reported: 2011-02-16 16:01 PST by Brandon Sterne (:bsterne)
Modified: 2012-06-05 06:07 PDT (History)
5 users (show)
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---

fix (469 bytes, patch)
2011-02-16 16:02 PST, Brandon Sterne (:bsterne)
no flags Details | Diff | Splinter Review
fix (2.65 KB, patch)
2012-05-31 13:55 PDT, Sid Stamm [:geekboy or :sstamm]
jst: review+
Details | Diff | Splinter Review

Description User image Brandon Sterne (:bsterne) 2011-02-16 16:01:18 PST
CSPSourceList.prototype.equals compares two source lists by doing two checks:
1. their length is equal
2. each of the items in the sorted list of sources is equal

This causes * and 'none' to be considered equal because they both have an empty internal source list.

Fixing this bug is trivial.  It is, however, hiding a bug in content/base/test/unit/test_bug558431.js.  Only that test has the bug, NOT the feature it's testing, so we don't need to worry about fixing this for Firefox 4.  I'll file a follow-up bug to fix that test.
Comment 1 User image Brandon Sterne (:bsterne) 2011-02-16 16:02:16 PST
Created attachment 512965 [details] [diff] [review]
Comment 2 User image Sid Stamm [:geekboy or :sstamm] 2012-05-31 13:55:19 PDT
Created attachment 628889 [details] [diff] [review]

unbitrotted trivial fix and added test cases.  jst: this is literally a three line fix (two that matter), touching only CSPUtils.jsm.  Can you take a quick look?
Comment 3 User image Sid Stamm [:geekboy or :sstamm] 2012-06-04 08:49:58 PDT
Pushed to inbound.
Comment 4 User image Geoff Lankow (:darktrojan) 2012-06-05 06:07:05 PDT

Note You need to log in before you can comment on or make changes to this bug.