Closed
Bug 999585
Opened 10 years ago
Closed 10 years ago
enable new slaughterhouse APIs even with the unsafe-content-script flag on
Categories: Add-on SDK Graveyard :: General, defect
Tracking: firefox30+ fixed, firefox31 fixed, firefox32 fixed, b2g-v1.4 fixed
Status: RESOLVED FIXED
Target Milestone: mozilla32
People: Reporter: zombie, Assigned: gkrizsanits
Attachments (1 file)
patch, 960 bytes
mossop: review+
Sylvestre: approval-mozilla-aurora+
Sylvestre: approval-mozilla-beta+
this would enable addon devs to enable the temporary workaround and then test/fix the issues one by one.
Comment 1 • 10 years ago (Assignee)
This should not be a sec bug imo. And the patch should be as simple as turning the wantExportHelpers flag true in all cases here:
http://mxr.mozilla.org/mozilla-central/source/addon-sdk/source/lib/sdk/content/sandbox.js#145
Only problem is that the patch should be uplifted to aurora, and then make sure not to overwrite the patch on trunk in the next SDK merges...
Comment 2 • 10 years ago (Reporter)
> This should not be a sec bug imo.
yeah probably, Mossop's instructions (without looking into details) were: "if you are unsure, just flag them, easier to unflag if it's not".
Comment 3 • 10 years ago (Assignee)
Assignee: nobody → gkrizsanits
Attachment #8412515 - Flags: review?(dtownsend+bugmail)
Updated • 10 years ago
Group: core-security
Updated • 10 years ago
Attachment #8412515 - Flags: review?(dtownsend+bugmail) → review+
Comment 4 • 10 years ago (Assignee)
https://tbpl.mozilla.org/?tree=Try&rev=a342ee0e4869
https://hg.mozilla.org/integration/mozilla-inbound/rev/e4ff4df25884
Comment 5 • 10 years ago (Assignee)
Comment on attachment 8412515
wantExportHelpers
[Approval Request Comment]
Bug caused by (feature/regressing bug #): 821809
User impact if declined: Right now the new API is not available when add-on developers explicitly waive the extra security layer between content-script and web content. But there were requests to make those API available, making an incremental migration to the new setup possible.
Testing completed (on m-c, etc.): on m-c
Risk to taking this patch (and alternatives if risky): I don't see any risk in this patch.
String or IDL/UUID changes made by this patch: none
Attachment #8412515 - Flags: approval-mozilla-aurora?
Comment 6 • 10 years ago
It's merge day and this isn't on central yet so will track this and we can land it to Beta post-merge.
https://hg.mozilla.org/mozilla-central/rev/e4ff4df25884
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla32
Updated • 10 years ago
status-firefox32: --- → fixed
Updated • 10 years ago
Attachment #8412515 - Flags: approval-mozilla-beta+
Attachment #8412515 - Flags: approval-mozilla-aurora?
Attachment #8412515 - Flags: approval-mozilla-aurora+
Comment 8 • 10 years ago
https://hg.mozilla.org/releases/mozilla-aurora/rev/174cb5bb721b
https://hg.mozilla.org/releases/mozilla-beta/rev/5c955e3d64b6
Updated • 10 years ago
status-b2g-v1.4: --- → fixed
Comment 10 • 10 years ago
Commit pushed to master at https://github.com/mozilla/addon-sdk
https://github.com/mozilla/addon-sdk/commit/b491eb4072bb9b3222dd9e110f796c6d5b95bd99
Bug 999585 - wantExportHelpers for all content-script. r=Mossop