Bug 656815 - javascript: URIs refuse to load when channel owner is null
Status: RESOLVED FIXED
Product: Core
Classification: Components
Component: General
Version: unspecified
Platform: All All
Importance: -- normal
Target Milestone: mozilla6
Assigned To: :Gavin Sharp [email: gavin@gavinsharp.com]
Depends on: 656433
Reported: 2011-05-12 17:18 PDT by :Gavin Sharp [email: gavin@gavinsharp.com]
Modified: 2011-05-26 20:50 PDT
gavin.sharp: in‑testsuite+


Attachments
patch (975 bytes, patch)
2011-05-12 17:19 PDT, :Gavin Sharp [email: gavin@gavinsharp.com]
bzbarsky: feedback-
patch (1.25 KB, patch)
2011-05-13 10:23 PDT, :Gavin Sharp [email: gavin@gavinsharp.com]
no flags
patch, with tests (4.79 KB, patch)
2011-05-13 10:42 PDT, :Gavin Sharp [email: gavin@gavinsharp.com]
bzbarsky: review+

Description :Gavin Sharp [email: gavin@gavinsharp.com] 2011-05-12 17:18:03 PDT
See bug 656433 comment 19 and subsequent comments. Once we disallow inheriting of principals for URIs entered in the location bar, it would be nice to continue to allow javascript URIs that simply produce output to continue to work, by having them run against a null principal.
Comment 1 :Gavin Sharp [email: gavin@gavinsharp.com] 2011-05-12 17:19:28 PDT
Created attachment 532084
patch

This seems to work (tested with the patch from bug 656433). Is it going to cause any security problems? I don't know!
Comment 2 Boris Zbarsky [:bz] 2011-05-12 18:08:33 PDT
Comment on attachment 532084
patch

We actually depend on this code being the way it is to avoid running JS (even in a sandbox) in some contexts.  I'd rather not change that behavior right now.

For the bug 656433 thing, we'd want to get a null principal in docshell only.
Comment 3 :Gavin Sharp [email: gavin@gavinsharp.com] 2011-05-13 10:23:11 PDT
Created attachment 532270
patch

As discussed on IRC.
Comment 4 :Gavin Sharp [email: gavin@gavinsharp.com] 2011-05-13 10:42:00 PDT
Created attachment 532274
patch, with tests
Comment 5 Boris Zbarsky [:bz] 2011-05-13 10:54:05 PDT
Comment on attachment 532274
patch, with tests

r=me
Comment 6 Brendan Eich [:brendan] 2011-05-13 11:33:50 PDT
Appreciate this followup work -- my javascript: typing habits thank you!

/be
Comment 7 :Gavin Sharp [email: gavin@gavinsharp.com] 2011-05-16 18:10:33 PDT
http://hg.mozilla.org/mozilla-central/rev/2c977d6f8a75
Comment 8 :Gavin Sharp [email: gavin@gavinsharp.com] 2011-05-16 18:13:03 PDT
Note that there's still a slight annoyance here: the JS loaded in this scenario still won't have an associated window object, so things like e.g. "javascript:alert(1+1)" still won't work. We should probably get a followup filed to run them against about:blank somehow.
