Bug 448548 - XSLT creates documents which don't have script handling objects
Status: RESOLVED FIXED
Whiteboard: [sg:critical]
Keywords: fixed1.9.0.2, fixed1.9.1, verified1.8.1.17
Product: Core
Classification: Components
Component: DOM
Version: unspecified
Platform: x86 All
Importance: P1 normal
Target Milestone: ---
Assigned To: Olli Pettay [:smaug]
QA Contact: general

Reported: 2008-07-30 10:08 PDT by Olli Pettay [:smaug]
Modified: 2009-01-05 12:18 PST
CC List: 11 users
jst: blocking1.9.1+
dveditz: blocking1.9.0.2+
samuel.sidler+old: wanted1.9.0.x+
dveditz: blocking1.8.1.17+
samuel.sidler+old: wanted1.8.1.x+
asac: blocking1.8.0.next+
Olli.Pettay: in‑testsuite?


Attachments
WIP, not properly tested (3.10 KB, patch)
2008-07-30 10:53 PDT, Olli Pettay [:smaug]
no flags
a bit better (2.87 KB, patch)
2008-07-30 15:59 PDT, Olli Pettay [:smaug]
jonas: review+
jst: superreview+
dveditz: approval1.9.0.2+
mochitest (2.90 KB, patch)
2008-08-03 12:51 PDT, Olli Pettay [:smaug]
no flags
for 1.8 (4.18 KB, patch)
2008-08-22 05:34 PDT, Olli Pettay [:smaug]
jonas: review+
jonas: superreview+
dveditz: approval1.8.1.17+
for 1.8.0 (no changes, just context) (3.75 KB, patch)
2008-08-31 16:49 PDT, Alexander Sack
asac: approval1.8.0.next+


Description Olli Pettay [:smaug] 2008-07-30 10:08:16 PDT
This may cause similar problems as bug 393761 and bug 393762.
Comment 1 Olli Pettay [:smaug] 2008-07-30 10:53:46 PDT
Created attachment 331749
WIP, not properly tested

I'll test this some more once I have a reasonably well-working network connection.
Comment 2 Olli Pettay [:smaug] 2008-07-30 15:42:39 PDT
Comment on attachment 331749
WIP, not properly tested

This isn't quite good enough. New scriptglobalobject is set for those XSLT processed documents which are going to a contentviewer.
Better patch coming...
Comment 3 Olli Pettay [:smaug] 2008-07-30 15:59:05 PDT
Created attachment 331793
a bit better

This lets one override scripthandlingobject - basically when
document is set to a contentviewer and to a globalwindow.
Comment 4 Olli Pettay [:smaug] 2008-07-30 16:56:05 PDT
Comment on attachment 331793
a bit better

Should be enough for now.
Comment 5 Olli Pettay [:smaug] 2008-08-01 12:50:21 PDT
I need to find some testcase for this.
...trying to modify moz_bug_r_a4@yahoo.com's testcases for XHR/DOMParser/.createDocument 
Comment 6 Olli Pettay [:smaug] 2008-08-03 12:51:12 PDT
Created attachment 332131
mochitest
Comment 7 Samuel Sidler (old account; do not CC) 2008-08-14 19:53:25 PDT
Johnny, can we get this reviewed? We probably want to block on it, depending on how safe the fix is...
Comment 9 Daniel Veditz 2008-08-18 11:38:29 PDT
"blocking" so we don't lose track, but if we can't patch all the holes this week might have to punt to the next update releases.
Comment 10 Olli Pettay [:smaug] 2008-08-22 04:54:17 PDT
The patch applies cleanly to 1.9.0. Will upload a 1.8 patch.
Comment 11 Olli Pettay [:smaug] 2008-08-22 05:34:50 PDT
Created attachment 335032
for 1.8
Comment 12 Samuel Sidler (old account; do not CC) 2008-08-22 11:20:36 PDT
Olli, do these patches address the new testcase in comment 8? I wasn't sure if that's an exploit found in your patch or just an additional testcase that does the same thing.

moz_bug_r_a4, care to comment?
Comment 13 Olli Pettay [:smaug] 2008-08-22 11:23:49 PDT
Yes, the patches do address both testcases.
Comment 14 Daniel Veditz 2008-08-22 11:26:23 PDT
Comment on attachment 335032
for 1.8

Approved for 1.8.1.17 and 1.9.0.2, a=dveditz for release-drivers.
Comment 15 Daniel Veditz 2008-08-22 11:27:43 PDT
Comment on attachment 331793
a bit better

meant this patch for 1.9.0.x
Comment 16 Stephen Donner [:stephend] 2008-08-30 00:03:26 PDT
Verified FIXED using the testcase in comment 8 against:

Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.16) Gecko/20080702 Firefox/2.0.0.16 -- where it reproduces, and against:

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.17) Gecko/20080829 Firefox/2.0.0.17, where it does NOT.

Replacing fixed1.8.1.17 keyword with verified1.8.1.17.
Comment 17 Alexander Sack 2008-08-31 16:44:37 PDT
keywords had a typo: "verified1.8.1.7". fixing that.
Comment 18 Alexander Sack 2008-08-31 16:49:06 PDT
Created attachment 336281
for 1.8.0 (no changes, just context)

a=asac for 1.8.1.15
Comment 19 Alexander Sack 2008-08-31 16:50:16 PDT
sorry typo too :):

a=asac for 1.8.0.15
Comment 20 georgi - hopefully not receiving bugspam 2008-09-24 01:56:17 PDT
is lack of scriptglobalobject guaranteed to give chrome privileges?
