Last Comment Bug 658383 - Location bar "Go" button is not subject to the javascript: URL security changes in bug 656433
: Location bar "Go" button is not subject to the javascript: URL security chang...
Status: VERIFIED FIXED
:
Product: Firefox
Classification: Client Software
Component: Location Bar (show other bugs)
: Trunk
: x86 Mac OS X
: -- normal (vote)
: Firefox 6
Assigned To: :Gavin Sharp [email: gavin@gavinsharp.com]
:
Mentors:
Depends on: 672813
Blocks: 527530
  Show dependency treegraph
 
Reported: 2011-05-19 14:02 PDT by Jesse Ruderman
Modified: 2011-07-28 07:22 PDT (History)
5 users (show)
gavin.sharp: in‑testsuite+
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Attachments
patch (5.00 KB, patch)
2011-05-19 15:31 PDT, :Gavin Sharp [email: gavin@gavinsharp.com]
dao+bmo: review+
Details | Diff | Splinter Review
updated patch (4.97 KB, patch)
2011-05-19 17:13 PDT, :Gavin Sharp [email: gavin@gavinsharp.com]
no flags Details | Diff | Splinter Review

Description Jesse Ruderman 2011-05-19 14:02:16 PDT
(split from bug 658220)
Comment 1 :Gavin Sharp [email: gavin@gavinsharp.com] 2011-05-19 15:31:33 PDT
Created attachment 533818 [details] [diff] [review]
patch
Comment 2 Dão Gottwald [:dao] 2011-05-19 16:29:32 PDT
Comment on attachment 533818 [details] [diff] [review]
patch

>+          function loadCurrent(url, postData) {
>+            // Pass LOAD_FLAGS_DISALLOW_INHERIT_OWNER to prevent any loads from
>+            // inheriting the currently loaded document's principal.
>+            let flags = Ci.nsIWebNavigation.LOAD_FLAGS_ALLOW_THIRD_PARTY_FIXUP |
>+                        Ci.nsIWebNavigation.LOAD_FLAGS_DISALLOW_INHERIT_OWNER;
>+            gBrowser.loadURIWithFlags(url, flags, null, null, postData);
>+          }

>+              loadCurrent(url, postData);

>+            loadCurrent(url, postData);

It looks like url and postData are already in loadCurrent's scope and don't need to be passed in.
Comment 3 :Gavin Sharp [email: gavin@gavinsharp.com] 2011-05-19 17:13:47 PDT
Created attachment 533851 [details] [diff] [review]
updated patch
Comment 4 :Gavin Sharp [email: gavin@gavinsharp.com] 2011-05-23 11:04:40 PDT
http://hg.mozilla.org/mozilla-central/rev/e5663e0e20b3
Comment 5 Simona B [:simonab] 2011-07-28 07:22:04 PDT
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:6.0) Gecko/20100101 Firefox/6.0

Verified issue on Mac OS X 10.6. "Go" button is no longer a subject to the javascript: URL.

Setting resolution to VERIFIED FIXED.

Note You need to log in before you can comment on or make changes to this bug.