Last Comment Bug 634773 - CSPUtils incorrectly compares two CSPSourceLists - *.equals('none') returns true
: CSPUtils incorrectly compares two CSPSourceLists - *.equals('none') returns true
Status: RESOLVED FIXED
:
Product: Core
Classification: Components
Component: DOM: Core & HTML (show other bugs)
: Trunk
: All All
: -- normal (vote)
: mozilla16
Assigned To: Sid Stamm [:geekboy or :sstamm]
:
:
Mentors:
Depends on:
Blocks: CSP
  Show dependency treegraph
 
Reported: 2011-02-16 16:01 PST by Brandon Sterne (:bsterne)
Modified: 2012-06-05 06:07 PDT (History)
5 users (show)
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Attachments
fix (469 bytes, patch)
2011-02-16 16:02 PST, Brandon Sterne (:bsterne)
no flags Details | Diff | Splinter Review
fix (2.65 KB, patch)
2012-05-31 13:55 PDT, Sid Stamm [:geekboy or :sstamm]
jst: review+
Details | Diff | Splinter Review

Description Brandon Sterne (:bsterne) 2011-02-16 16:01:18 PST
CSPSourceList.prototype.equals compares two source lists by doing two checks:
1. their length is equal
2. each of the items in the sorted list of sources is equal

This causes * and 'none' to be considered equal because they both have an empty internal source list.

Fixing this bug is trivial.  It is, however, hiding a bug in content/base/test/unit/test_bug558431.js.  Only that test has the bug, NOT the feature it's testing, so we don't need to worry about fixing this for Firefox 4.  I'll file a follow-up bug to fix that test.
Comment 1 Brandon Sterne (:bsterne) 2011-02-16 16:02:16 PST
Created attachment 512965 [details] [diff] [review]
fix
Comment 2 Sid Stamm [:geekboy or :sstamm] 2012-05-31 13:55:19 PDT
Created attachment 628889 [details] [diff] [review]
fix

unbitrotted trivial fix and added test cases.  jst: this is literally a three line fix (two that matter), touching only CSPUtils.jsm.  Can you take a quick look?
Comment 3 Sid Stamm [:geekboy or :sstamm] 2012-06-04 08:49:58 PDT
Pushed to inbound.
https://hg.mozilla.org/integration/mozilla-inbound/rev/829e55e4ff61
Comment 4 Geoff Lankow (:darktrojan) 2012-06-05 06:07:05 PDT
https://hg.mozilla.org/mozilla-central/rev/829e55e4ff61

Note You need to log in before you can comment on or make changes to this bug.