7 years ago
Enn added some script to the binding for <resizer>, which can be created as anonymous content e.g. for a resizable textarea. This script executes even when JavaScript is turned off globally. We have previously had issues with XBL script attached to native anonymous content. Quoting bug 384612:

>Hey, since scrollbars and tooltips no longer need to run scripts, does this
>mean that we can remove the IsNativeAnonymous override in nsXULElement?

>I think we could, yes!  File a bug to do that, and to eliminate all the
>GetBindingParent() hackery we have instead in some places?  It'd be lovely to
>get that done for 1.9...  For one thing, it would close up some potential
>security issues.

>Hey, sweet, I didn't realize tooltips were fixed too. Please do file a bug and
>cc me and bz at least.

Sadly I don't remember whether anyone actually filed a bug.
Neil has been looking at XBL stuff lately.
Is this bug about that which is described in the summary or that described in the quoted text above?
Good question.

As I recall it this bug is about what's in the summary. I.e. investigating why <resizer> scripts still run to see if there are any holes in our security.

But that probably means that we should file a separate bug on the stuff mentioned in the quoted text.
