Bugzilla@Mozilla – Bug 448548
XSLT creates documents which don't have script handling objects
Last modified: 2009-01-05 12:18:00 PST
This may cause similar problems as bug 393761 and bug 393762.
Created attachment 331749: WIP, not properly tested. I'll test this some more once I have a reasonably well-working network connection.
Comment on attachment 331749: WIP, not properly tested. This isn't quite good enough. New scriptglobalobject is set for those XSLT processed documents which are going to a contentviewer. Better patch coming...
Created attachment 331793: a bit better. This lets one override scripthandlingobject - basically when document is set to a contentviewer and to a globalwindow.
Comment on attachment 331793: a bit better. Should be enough for now.
I need to find some testcase for this. ...trying to modify moz_bug_r_a4@yahoo.com's testcases for XHR/DOMParser/.createDocument
Created attachment 332131: mochitest
Johnny, can we get this reviewed? We probably want to block on it, depending on how safe the fix is...
"blocking" so we don't lose track, but if we can't patch all the holes this week might have to punt to the next update releases.
The patch applies cleanly to 1.9.0. Will upload a 1.8 patch.
Created attachment 335032: for 1.8
Olli, do these patches address the new testcase in comment 8? I wasn't sure if that's an exploit found in your patch or just an additional testcase that does the same thing. moz_bug_r_a4, care to comment?
Yes, the patches do address both testcases.
Comment on attachment 335032: for 1.8. Approved for 1.8.1.17 and 1.9.0.2, a=dveditz for release-drivers.
Comment on attachment 331793: a bit better. Meant this patch for 1.9.0.x
Verified FIXED using the testcase in comment 8 against: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.16) Gecko/20080702 Firefox/2.0.0.16 -- where it reproduces, and against: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.17) Gecko/20080829 Firefox/2.0.0.17, where it does NOT. Replacing fixed1.8.1.17 keyword with verified1.8.1.17.
keywords had a typo: "verified1.8.1.7". fixing that.
Created attachment 336281: for 1.8.0 (no changes, just context). a=asac for 1.8.1.15
sorry typo too :): a=asac for 1.8.0.15
is lack of scriptglobalobject guaranteed to give chrome privileges?