OK, I've reviewed your input and built a minimal example that compiles without
errors, but doesn't do what it should. In nsScriptLoader::ProcessScriptElement
I added after line 470:
request->mElement = aElement;
nsCOMPtr<Element> currentScriptElem = do_QueryInterface(request->mElement);
nsAutoString classValue(NS_LITERAL_STRING("aaa"));
ErrorResult myError;
if (!currentScriptElem->GetClassList()->Contains(classValue, myError))
return false;
I've tested this with a simple HTML file
<html><head><body>
<script id="script1" class="aaa"> // some code here </script>
<script id="script2" class="bbb"> // some code here </script>
<script id="script3"></script>
</body></html>
The changes are supposed to execute only the code of "script1", as it has the
correct class value "aaa". Scripts 2 and 3 don't have the correct value or have
no class value at all, so the Contains() method should return "false" and the
condition should be triggered and the execution of the current script should be
skipped. But it doesn't - all scripts are executed.
Is there some error in my code or did I misunderstand the functioning of
ProcessScriptElement()? How can I make sure to abort the processing of a script
that FF is about to execute, after I have examined it?
Regards,
Jeremy
_______________________________________________
dev-security mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security
