Closed Bug 639130 Opened 9 years ago Closed 9 years ago
"ASSERTION: Principal mismatch" after using XMLDocument
.load on navigated-away document
###!!! ASSERTION: Principal mismatch. Expect bad things to happen: '!objPrin || objPrin->GetPrincipal() == principal', file js/src/xpconnect/src/xpcwrappednative.cpp, line 3166 ###!!! ASSERTION: Principal mismatch. Not good: 'strcmp(jsClass->name, "Location") == 0 ? NS_SUCCEEDED(CheckSameOriginPrincipal(result, principal)) : result == principal', file caps/src/nsScriptSecurityManager.cpp, line 2503
We should remove xmldocument.load at some point. We already warn "Warning: Use of Document.load() is deprecated. To upgrade your code, use the DOM XMLHttpRequest object. For more help https://developer.mozilla.org/en/XMLHttpRequest Source File: data:application/xml,<body%20xmlns="http://www.w3.org/1999/xhtml">1</body> Line: 0"
Assignee: nobody → Olli.Pettay
Attachment #517109 - Flags: review?(jst)
So I don't think this is actually an exploitable bug, we're merely running into two different principals from the same origin here. Smaug, if you disagree, please let me know.
Taking Olli's silence as consent. Looks like we block too much access which is the opposite of the security problem of allowing access we shouldn't.
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.