Page MenuHomePhabricator
Create Task
Maniphest T91378

JS errors in Firefox 16-21 due to missing crypto.getRandomValues()
Closed, ResolvedPublic
Actions

Description

Since T78449 generateRandomSessionId tries to use crypto.getRandomValues(), but it tests only the existence of window.crypto. At least in Firefox window.crypto exists longer (as non-standard implementation, at least since FF16) than crypto.getRandomValues() (starting with FF21). The implementation for generateRandomSessionId should check not only window.crypto, but also crypto.getRandomValues before calling it to avoid this error, even though this only affects old browsers.

Details

SubjectRepoBranchLines +/-
mediawiki.user: Check crypto.getRandomValues before usemediawiki/coremaster+1 -1
Customize query in gerrit

Related Objects

Event Timeline

Schnark created this task.Mar 3 2015, 8:59 AM
Schnark raised the priority of this task from to Needs Triage.
Schnark updated the task description. (Show Details)
Schnark added projects: JavaScript, MediaWiki-General.
Schnark subscribed.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMar 3 2015, 8:59 AM
Aklapper renamed this task from JS errors in old Firefox due to missing crypto.getRandomValues() to JS errors in Firefox 16-21 due to missing crypto.getRandomValues().Mar 3 2015, 9:07 AM
Aklapper triaged this task as Lowest priority.
Aklapper added a project: good first task.
Aklapper set Security to None.
Krinkle subscribed.Mar 3 2015, 6:16 PM
gerritbot subscribed.Mar 3 2015, 6:24 PM

Change 194156 had a related patch set uploaded (by Umherirrender):
Check crypto.getRandomValues in mw.user.js before use

https://gerrit.wikimedia.org/r/194156

gerritbot added a project: Patch-For-Review.Mar 3 2015, 6:24 PM
Umherirrender claimed this task.Mar 3 2015, 6:24 PM
matmarex closed this task as Resolved.Mar 3 2015, 10:19 PM
matmarex subscribed.
gerritbot added a comment.Mar 3 2015, 10:50 PM

Change 194156 merged by jenkins-bot:
mediawiki.user: Check crypto.getRandomValues before use

https://gerrit.wikimedia.org/r/194156

matmarex mentioned this in rMW9ef33b971d33: mediawiki.user: Check crypto.getRandomValues before use.Mar 3 2015, 10:50 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL