Closed Bug 639130 Opened 14 years ago Closed 14 years ago

"ASSERTION: Principal mismatch" after using XMLDocument.load on navigated-away document

Categories

(Core :: DOM: Core & HTML, defect)

x86
macOS
defect
Not set
normal

Tracking


RESOLVED FIXED

People

(Reporter: jruderman, Assigned: smaug)

References

Details

(Keywords: assertion, testcase)

Attachments

(3 files)

Attached file testcase
###!!! ASSERTION: Principal mismatch. Expect bad things to happen: '!objPrin || objPrin->GetPrincipal() == principal', file js/src/xpconnect/src/xpcwrappednative.cpp, line 3166
###!!! ASSERTION: Principal mismatch. Not good: 'strcmp(jsClass->name, "Location") == 0 ? NS_SUCCEEDED(CheckSameOriginPrincipal(result, principal)) : result == principal', file caps/src/nsScriptSecurityManager.cpp, line 2503
Attached file stack traces
Attached patch: patch
We should remove xmldocument.load at some point. We already warn "Warning: Use of Document.load() is deprecated. To upgrade your code, use the DOM XMLHttpRequest object. For more help https://developer.mozilla.org/en/XMLHttpRequest Source File: data:application/xml,<body%20xmlns="http://www.w3.org/1999/xhtml">1</body> Line: 0"
Assignee: nobody → Olli.Pettay
Attachment #517109 - Flags: review?(jst)
Attachment #517109 - Flags: review?(jst) → review+
So I don't think this is actually an exploitable bug; we're merely running into two different principals from the same origin here. Smaug, if you disagree, please let me know.
Taking Olli's silence as consent. Looks like we block too much access, which is the opposite of the security problem of allowing access we shouldn't.
Group: core-security
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
See Also: → 1057518
Component: DOM → DOM: Core & HTML