Closed Bug 750439 Opened 8 years ago Closed 9 months ago

SecReview: Implement DOM3 composition events

Categories

(mozilla.org :: Security Assurance: Review Request, task)

task
Not set

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: curtisk, Assigned: jruderman)

References

Details

(Whiteboard: [pending secreview][start yyyy-mm-dd][target yyyy-mm-dd][score:0::Low][Fx])

SecReview tracking bug
Actions regarding the review of the dependent bug should be tracked here.
If I copy the pattern in https://bug543789.bugzilla.mozilla.org/attachment.cgi?id=561673 into the DOM fuzzer, will I be testing the right thing? Or do I need to somehow test with actual IMEs, or without (content) JS on the stack?
Status: ASSIGNED → NEW
This bug is assigned so I am perplexed as to why it is new and not assigned?
Traditionally, ASSIGNED means the assignee is actively working on it.
(In reply to Jesse Ruderman from comment #1)
> If I copy the pattern in
> https://bug543789.bugzilla.mozilla.org/attachment.cgi?id=561673 into the DOM
> fuzzer, will I be testing the right thing? Or do I need to somehow test with
> actual IMEs, or without (content) JS on the stack?

We can test the IME handling only for XP part by automated tests. E.g., for DOM event firing, editor behavior and so on. For testing widget part and/or combination with platform APIs or IMEs, we need the environment actually.
Do we have any such tests?
Risk/Priority Ranking Exercise https://wiki.mozilla.org/Security/RiskRatings

Priority: N/A

Operational: 0 - N/A
User: 0 - N/A
Privacy: 0 - N/A
Engineering: 2 - Normal
Reputational: 0 - N/A

Priority Score: 0
Whiteboard: [pending secreview] → [pending secreview][start yyyy-mm-dd][target yyyy-mm-dd][score:0::Low]
Whiteboard: [pending secreview][start yyyy-mm-dd][target yyyy-mm-dd][score:0::Low] → [pending secreview][start yyyy-mm-dd][target yyyy-mm-dd][score:0::Low][Fx]

Jason, does Domino test these events? See e.g. comment 6. If this is covered by Domino, please just close this bug as FIXED. Thanks!

Flags: needinfo?(jkratzer)

(In reply to Christian Holler (:decoder) from comment #8)

Jason, does Domino test these events? See e.g. comment 6. If this is covered by Domino, please just close this bug as FIXED. Thanks!

Domino covers this in the context of non-privileged JS. Anything involving access to special powers (i.e. synthesizeCompositionChange) is not covered.

Flags: needinfo?(jkratzer)
Status: NEW → RESOLVED
Closed: 9 months ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.