Closed Bug 634773 Opened 9 years ago Closed 8 years ago

CSPUtils incorrectly compares two CSPSourceLists - *.equals('none') returns true

Categories

(Core :: DOM: Core & HTML, defect)

defect
Not set
normal

Tracking

()

RESOLVED FIXED
mozilla16

People

(Reporter: bsterne, Assigned: geekboy)

References

(Blocks 1 open bug)

Details

Attachments

(1 file, 1 obsolete file)

CSPSourceList.prototype.equals compares two source lists by doing two checks:
1. their length is equal
2. each of the items in the sorted list of sources is equal

This causes * and 'none' to be considered equal because they both have an empty internal source list.

Fixing this bug is trivial.  It is, however, hiding a bug in content/base/test/unit/test_bug558431.js.  Only that test has the bug, NOT the feature it's testing, so we don't need to worry about fixing this for Firefox 4.  I'll file a follow-up bug to fix that test.
Attached patch fix (obsolete) — Splinter Review
Blocks: CSP
Assignee: brandon → sstamm
Attached patch fixSplinter Review
unbitrotted trivial fix and added test cases.  jst: this is literally a three line fix (two that matter), touching only CSPUtils.jsm.  Can you take a quick look?
Attachment #512965 - Attachment is obsolete: true
Attachment #628889 - Flags: review?(jst)
Attachment #628889 - Flags: review?(jst) → review+
Pushed to inbound.
https://hg.mozilla.org/integration/mozilla-inbound/rev/829e55e4ff61
Status: NEW → ASSIGNED
Target Milestone: --- → mozilla15
Target Milestone: mozilla15 → mozilla16
https://hg.mozilla.org/mozilla-central/rev/829e55e4ff61
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.