bugzilla.mozilla.org has resumed normal operation. Attachments prior to 2014 will be unavailable for a few days. This is tracked in Bug 1475801.
Please report any other irregularities here.

[XPCDOM] Accessing window.location doesn't call canAccess()

VERIFIED FIXED

Status

()

Core
DOM: Core & HTML
--
blocker
VERIFIED FIXED
18 years ago
10 years ago

People

(Reporter: Mitchell Stoltz (not reading bugmail), Assigned: jst)

Tracking

Trunk
x86
Windows NT
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

Accesses of window.location aren't causing a call to canAccess() in the security
manager, nor are accesses of properties defined in scripts.
(Reporter)

Comment 1

18 years ago
Upping severity to blocker. If not fixed, this will allow some pretty bad
privacy violations.
Severity: normal → blocker
(Assignee)

Comment 2

18 years ago
Mitch, what security manager methods should I call in the scriptable helper
code? And when? On setting a property and getting a property, any other cases?
(Reporter)

Comment 3

18 years ago
Look at nsIXPCSecurityManager; the names of the functions are pretty
self-explanatory. THose are the functions we should be calling.
(Assignee)

Comment 4

17 years ago
Fixed.
Status: NEW → RESOLVED
Last Resolved: 17 years ago
Resolution: --- → FIXED

Comment 5

17 years ago
Johhney or Mitch, could you please verify this one ?
(Reporter)

Comment 6

17 years ago
Verified. I've re-tested this.
Status: RESOLVED → VERIFIED

Updated

10 years ago
Component: DOM: Core → DOM: Core & HTML
QA Contact: desale → general
You need to log in before you can comment on or make changes to this bug.