Open
Bug 839010
Opened 13 years ago
Updated 3 years ago
does Range really need CanCallerAccess() checks still?
Categories
(Core :: DOM: Core & HTML, defect, P5)
Core
DOM: Core & HTML
Tracking
()
NEW
People
(Reporter: tbsaunde, Unassigned)
Details
the script visible methods on Range check that argument nodes can be accessed by the caller with nsContentUtils::CanCallerAccess() it seems fairly unlikely that's actually needed.
Can anybody come up with a reason we do need it?
|
||
Comment 1•13 years ago
|
||
I don't see any reason for those checks.
|
|
||
Comment 2•13 years ago
|
||
Old code, originally from Bug 156452
|
||
Comment 3•13 years ago
|
||
(In reply to Trevor Saunders (:tbsaunde) from comment #0)
> the script visible methods on Range check that argument nodes can be
> accessed by the caller with nsContentUtils::CanCallerAccess() it seems
> fairly unlikely that's actually needed.
Yeah, if the concern is just that the calling script might not be allowed to access those nodes, it should be pretty obsolete. We check all script arguments passed into native code to make sure we're allowed to access them. Moreover, script should never be able to get a reference to a node it doesn't have full access to anyway (given the semantics of the same-origin policy).
|
Assignee | |
Updated•13 years ago
|
Component: DOM: Traversal-Range → DOM: Core & HTML
|
||
Comment 4•7 years ago
|
||
https://bugzilla.mozilla.org/show_bug.cgi?id=1472046
Move all DOM bugs that haven’t been updated in more than 3 years and has no one currently assigned to P5.
If you have questions, please contact :mdaly.
Priority: -- → P5
|
||
Updated•3 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•