superreview requested: [Bug 354693] [FIX] Security checks for channel redirects inconsistent with document principals : [Attachment 240472] Fix

Boris Zbarsky <bzbarsky@mit.edu> has asked Jonas Sicking <bugmail@sicking.cc>
for superreview:
Bug 354693: [FIX] Security checks for channel redirects inconsistent with
document principals
https://bugzilla.mozilla.org/show_bug.cgi?id=354693

Attachment 240472: Fix
https://bugzilla.mozilla.org/attachment.cgi?id=240472&action=edit

------- Additional Comments from Boris Zbarsky <bzbarsky@mit.edu>
dveditz, I just want your review on the security manager changes; I think
sicking can handle all the XUL stuff.

Summary of changes:

1)  Make redirect check consistent with how we get document principals
2)  Make XUL proto documents always have a principal and always serialize it.
3)  Rev XUL fastload version to deal with that.
4)  Make about:blank document creation take a principal argument.

The rest is just the implementation details.
0
bugzilla
9/28/2006 3:48:25 PM
mozilla.dev.super-review 29307 articles. 3 followers. Post Follow

0 Replies
337 Views

Similar Articles

[PageSpeed] 26

Reply:

Similar Artilces:

superreview granted: [Bug 354693] [FIX] Security checks for channel redirects inconsistent with document principals : [Attachment 240472] Fix
Jonas Sicking <bugmail@sicking.cc> has granted Boris Zbarsky <bzbarsky@mit.edu>'s request for superreview: Bug 354693: [FIX] Security checks for channel redirects inconsistent with document principals https://bugzilla.mozilla.org/show_bug.cgi?id=354693 Attachment 240472: Fix https://bugzilla.mozilla.org/attachment.cgi?id=240472&action=edit ------- Additional Comments from Jonas Sicking <bugmail@sicking.cc> sr=sicking ...

superreview requested: [Bug 396443] SVG documents only documents that don't do an Enumerate security check : [Attachment 307737] Fix.
Johnny Stenback (:jst) <jst@mozilla.org> has asked Blake Kaplan <mrbkap@gmail.com> for superreview: Bug 396443: SVG documents only documents that don't do an Enumerate security check https://bugzilla.mozilla.org/show_bug.cgi?id=396443 Attachment 307737: Fix. https://bugzilla.mozilla.org/attachment.cgi?id=307737&action=edit ------- Additional Comments from Johnny Stenback (:jst) <jst@mozilla.org> Yeah, I see no reason why we wouldn't want this, especially now that window.document is no longer allAccess which means that other origins shouldn't be a...

superreview requested: [Bug 342489] [FIX]Security check in InstallTriggerCheckLoadURIFromScript is odd : [Attachment 226737] Fix
Boris Zbarsky (gone June 26 -- Jul 13) <bzbarsky@mit.edu> has asked Daniel Veditz <dveditz@cruzio.com> for superreview: Bug 342489: [FIX]Security check in InstallTriggerCheckLoadURIFromScript is odd https://bugzilla.mozilla.org/show_bug.cgi?id=342489 Attachment 226737: Fix https://bugzilla.mozilla.org/attachment.cgi?id=226737&action=edit ...

superreview requested: [Bug 269270] Saved capability principal gives wrong baseURI for document.open() documents : [Attachment 245879] Patch that fixes the attached testcase
Boris Zbarsky <bzbarsky@mit.edu> has asked Johnny Stenback <jst@mozilla.org> for superreview: Bug 269270: Saved capability principal gives wrong baseURI for document.open() documents https://bugzilla.mozilla.org/show_bug.cgi?id=269270 Attachment 245879: Patch that fixes the attached testcase https://bugzilla.mozilla.org/attachment.cgi?id=245879&action=edit ...

superreview requested: [Bug 343065] [FIX]DOMSerializer does security checks against URIs, not principals : [Attachment 227494] 1.8 branch patch
Boris Zbarsky (gone June 26 -- Jul 13) <bzbarsky@mit.edu> has asked Peter Van der Beken <peterv@propagandism.org> for superreview: Bug 343065: [FIX]DOMSerializer does security checks against URIs, not principals https://bugzilla.mozilla.org/show_bug.cgi?id=343065 Attachment 227494: 1.8 branch patch https://bugzilla.mozilla.org/attachment.cgi?id=227494&action=edit ...

superreview requested: [Bug 332840] [FIX]DOMParser gets wrong principal if no JS on stack (reload all live bookmarks produces security error in console) : [Attachment 236183] With that issue fixed
Boris Zbarsky <bzbarsky@mit.edu> has asked Johnny Stenback <jst@mozilla.org> for superreview: Bug 332840: [FIX]DOMParser gets wrong principal if no JS on stack (reload all live bookmarks produces security error in console) https://bugzilla.mozilla.org/show_bug.cgi?id=332840 Attachment 236183: With that issue fixed https://bugzilla.mozilla.org/attachment.cgi?id=236183&action=edit ...

superreview requested: [Bug 332840] [FIX]DOMParser gets wrong principal if no JS on stack (reload all live bookmarks produces security error in console) : [Attachment 236487] Fix the issue sicking poi
Boris Zbarsky <bzbarsky@mit.edu> has asked Johnny Stenback <jst@mozilla.org> for superreview: Bug 332840: [FIX]DOMParser gets wrong principal if no JS on stack (reload all live bookmarks produces security error in console) https://bugzilla.mozilla.org/show_bug.cgi?id=332840 Attachment 236487: Fix the issue sicking pointed out, and actually do the security check we should have been doing to make sure our args are not fake or anything. https://bugzilla.mozilla.org/attachment.cgi?id=236487&action=edit ...

superreview requested: [Bug 282615] DOMSerializer's security checks don't take capabilities into account. : [Attachment 174606] Fix (diff -w for reviews)
Johnny Stenback <jst@mozilla.org> has asked Boris Zbarsky <bzbarsky@mit.edu> for superreview: Bug 282615: DOMSerializer's security checks don't take capabilities into account. https://bugzilla.mozilla.org/show_bug.cgi?id=282615 Attachment 174606: Fix (diff -w for reviews) https://bugzilla.mozilla.org/attachment.cgi?id=174606&action=edit ...

superreview canceled: [Bug 396443] SVG documents only documents that don't do an Enumerate security check : [Attachment 307737] Fix.
Johnny Stenback (:jst) <jst@mozilla.org> has canceled Johnny Stenback (:jst) <jst@mozilla.org>'s request for superreview: Bug 396443: SVG documents only documents that don't do an Enumerate security check https://bugzilla.mozilla.org/show_bug.cgi?id=396443 Attachment 307737: Fix. https://bugzilla.mozilla.org/attachment.cgi?id=307737&action=edit ------- Additional Comments from Johnny Stenback (:jst) <jst@mozilla.org> Same thing, but makes the security checks in the enumerate hook debug only, and make them only assert. ...

superreview granted: [Bug 392338] [FIX]Request created via document. load causes Component does not have requested interface arg 0 [ nsIHttpChannel.notificationCallbacks] : [Attachment 294926] Fix plu
Johnny Stenback (:jst) <jst@mozilla.org> has granted Boris Zbarsky (reviews very slow until spring) <bzbarsky@mit.edu>'s request for superreview: Bug 392338: [FIX]Request created via document.load causes Component does not have requested interface arg 0 [nsIHttpChannel.notificationCallbacks] https://bugzilla.mozilla.org/show_bug.cgi?id=392338 Attachment 294926: Fix plus test https://bugzilla.mozilla.org/attachment.cgi?id=294926&action=edit ------- Additional Comments from Johnny Stenback (:jst) <jst@mozilla.org> Ok, let's do this w/o the noAccess chang...

superreview requested: [Bug 206053] [FIX]document.getElementsByTagName('tagname') with XML document wrongly includes elements with namespace prefix in the tag name : [Attachment 223159] Fix for search
neil@parkwaycc.co.uk <neil@httl.net> has asked Scott MacGregor <mscott@mozilla.org> for superreview: Bug 206053: [FIX]document.getElementsByTagName('tagname') with XML document wrongly includes elements with namespace prefix in the tag name https://bugzilla.mozilla.org/show_bug.cgi?id=206053 Attachment 223159: Fix for searchWidgets.xml https://bugzilla.mozilla.org/attachment.cgi?id=223159&action=edit ------- Additional Comments from neil@parkwaycc.co.uk <neil@httl.net> bz or anyone else, feel free to comment. ...

superreview requested: [Bug 245066] [internal] nsPop3Protocol.cpp, back out fix for bug #157644, since david has fixed the problem another way (bug #229374) : [Attachment 156344] proposed fix
David Bienvenu <bienvenu@nventure.com> has asked Scott MacGregor <mscott@mozilla.org> for superreview: Bug 245066: [internal] nsPop3Protocol.cpp, back out fix for bug #157644, since david has fixed the problem another way (bug #229374) http://bugzilla.mozilla.org/show_bug.cgi?id=245066 Attachment 156344: proposed fix http://bugzilla.mozilla.org/attachment.cgi?id=156344&action=edit ...

superreview granted: [Bug 342489] [FIX]Security check in InstallTriggerCheckLoadURIFromScript is odd : [Attachment 226737] Fix
Daniel Veditz <dveditz@cruzio.com> has granted Boris Zbarsky (gone June 26 -- Jul 13) <bzbarsky@mit.edu>'s request for superreview: Bug 342489: [FIX]Security check in InstallTriggerCheckLoadURIFromScript is odd https://bugzilla.mozilla.org/show_bug.cgi?id=342489 Attachment 226737: Fix https://bugzilla.mozilla.org/attachment.cgi?id=226737&action=edit ------- Additional Comments from Daniel Veditz <dveditz@cruzio.com> r/sr=dveditz ...

superreview requested: [Bug 360579] [FIX]Fix for bug 326009 doesn't work quite right with more than 2 tabs : [Attachment 245463] Fix
Boris Zbarsky <bzbarsky@mit.edu> has asked Johnny Stenback <jst@mozilla.org> for superreview: Bug 360579: [FIX]Fix for bug 326009 doesn't work quite right with more than 2 tabs https://bugzilla.mozilla.org/show_bug.cgi?id=360579 Attachment 245463: Fix https://bugzilla.mozilla.org/attachment.cgi?id=245463&action=edit ...

Web resources about - superreview requested: [Bug 354693] [FIX] Security checks for channel redirects inconsistent with document principals : [Attachment 240472] Fix - mozilla.dev.super-review

Resources last updated: 12/23/2015 1:50:02 AM