Open
Bug 846300
Opened 11 years ago
Updated 1 year ago
Security Warning messages in console should have associated window ID
Categories
(Core :: General, defect)
Tracking
()
NEW
People
(Reporter: jdm, Unassigned)
References
Details
Messages like "Security Error: Content at https://www.google.ro/ may not load data from http://www.youtube.com/" are just the result of LogStringMessage, so they have no associated window. This means they can't be checked for privacy concerns and end up leaking information in the console.
|
Reporter | |
Comment 1•11 years ago
|
||
The following should not be difficult to correct: http://hg.mozilla.org/mozilla-central/annotate/0a91da5f5eab/content/base/src/nsDataDocumentContentPolicy.cpp#l98 http://hg.mozilla.org/mozilla-central/annotate/0a91da5f5eab/caps/src/nsScriptSecurityManager.cpp#l610 http://hg.mozilla.org/mozilla-central/annotate/0a91da5f5eab/caps/src/nsScriptSecurityManager.cpp#l624 For these, I have no idea: http://hg.mozilla.org/mozilla-central/annotate/0a91da5f5eab/caps/src/nsNullPrincipal.cpp#l254 http://hg.mozilla.org/mozilla-central/annotate/0a91da5f5eab/caps/src/nsPrincipal.cpp#l384 http://hg.mozilla.org/mozilla-central/annotate/0a91da5f5eab/caps/src/nsPrincipal.cpp#l411 http://hg.mozilla.org/mozilla-central/annotate/0a91da5f5eab/caps/src/nsPrincipal.cpp#l443
|
||
Updated•11 years ago
|
Product: Firefox → Core
|
||
Comment 2•11 years ago
|
||
Principals are shared across windows in many cases, so.... And I have no idea how you'd annotate CheckSameOriginURI, for that matter.
|
||
Updated•1 year ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•