Closed Bug 807371 Opened 12 years ago Closed 11 years ago

Stop calling CheckFunctionAccess in WebIDL callbacks

Categories

(Core :: DOM: Core & HTML, defect)

Product:
Core
Component:
DOM: Core & HTML
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 840488

People

(Reporter: bzbarsky, Unassigned)

References

Details

Attachments

(1 file)

patch
2.80 KB, patch
bzbarsky
: review-
Details | Diff | Splinter Review 
We should just be checking whether script is enabled on the relevant nsIScriptContext.  Probably modulo system object principals for the callback.  Want to land bug 807226 first to mitigate risk.
No longer blocks: 807226
Depends on: 807226
Attached patch patchSplinter Review 
Assignee: nobody → nsm.nikhil

        Attachment #801816 -
        Flags: review?(bzbarsky)

    
    

    
  
Comment on attachment 801816 [details] [diff] [review]
patch

This gives different behavior from what we have now, no?  Specifically: 

1. The current code allows expanded principals to execute, even if script is
   disabled.
2. The current code follows the docshell's JavaScript-disabled setting. 
3. The current code follows the global JavaScript-disabled pref. 
4. The about: URI bits in nsScriptSecurityManager::CanExecuteScripts.

        Attachment #801816 -
        Flags: review?(bzbarsky) → review-

    
    

    
  
So this patch should also call CanExecuteScripts() like CheckFunctionAccess() does? At that point it seems this patch is almost like inlining CheckFunctionAccess(). Could you explain why this is required then? I don't understand the difference.

    
    

    
  
CheckFunctionAccess takes arguments that are, in practice, unused from this code.  Just calling CanExecuteScripts would make it clearer what's really going on here: what we have now looks like a security check, and it's not.

That said, if we seriously want to work on this stuff I'd prefer we fix bug 840488.
Assignee: nsm.nikhil → nobody
Depends on: 840488

    
    

    
  
I did this in bug 840488.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → DUPLICATE
Component: DOM → DOM: Core & HTML

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: