Closed
Bug 814153
Opened 13 years ago
Closed 13 years ago
Need additional security checks for the "settings" permission
Categories
(Core :: DOM: Core & HTML, defect)
Core
DOM: Core & HTML
Tracking
()
People
(Reporter: bent.mozilla, Assigned: gwagner)
References
Details
Attachments
(1 file)
|
1007 bytes,
patch
|
bent.mozilla
:
review+
|
Details | Diff | Splinter Review |
Notes from conversation with gregor:
settings:
settings-read and settings-write both checked in child for dom access, but returns non-null if access not granted (logs error to console only)
doesn't assert permission before adding listeners ("Settings:RegisterForMessages")
We should tighten this up a little.
|
||
Updated•13 years ago
|
blocking-basecamp: ? → +
|
||
Comment 1•13 years ago
|
||
Gregor, Doug said you should be the lucky owner of this bug. Congrats! :)
Assignee: nobody → anygregor
|
Assignee | |
Comment 2•13 years ago
|
||
|
|
Assignee | |
Comment 3•13 years ago
|
||
(In reply to ben turner [:bent] from comment #0)
> Notes from conversation with gregor:
>
> settings:
> settings-read and settings-write both checked in child for dom access, but
> returns non-null if access not granted (logs error to console only)
fixed by 815398
> doesn't assert permission before adding listeners
> ("Settings:RegisterForMessages")
This patch
|
|
Assignee | |
Updated•13 years ago
|
Attachment #686625 -
Flags: review?(bent.mozilla)
|
Reporter | |
Updated•13 years ago
|
Attachment #686625 -
Flags: review?(bent.mozilla) → review+
|
|
Assignee | |
Comment 4•13 years ago
|
||
|
|
||
Comment 5•13 years ago
|
||
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla20
|
||
Comment 6•13 years ago
|
||
|
||
Updated•7 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•