Bug 853283 - Grab the window directly from the navigator in nsNavigatorSH::NewResolve. r=mrbkap
authorBobby Holley <bobbyholley@gmail.com>
Thu, 21 Mar 2013 08:20:41 -0700
changeset 125798 4489ed4085abae8302f5b80e4fdba4d23af0907c
parent 125797 de90200c61e1ee5c9ab7bcde6332d2df3a14c462
child 125799 6325487c131eb71bf225a9c2846b2fdb88065618
push id25109
push userryanvm@gmail.com
push dateThu, 21 Mar 2013 19:52:05 +0000
treeherdermozilla-inbound@a83cbe4e0576 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersmrbkap
bugs853283
milestone22.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 853283 - Grab the window directly from the navigator in nsNavigatorSH::NewResolve. r=mrbkap
dom/base/nsDOMClassInfo.cpp
js/xpconnect/tests/chrome/Makefile.in
js/xpconnect/tests/chrome/test_bug853283.xul
--- a/dom/base/nsDOMClassInfo.cpp
+++ b/dom/base/nsDOMClassInfo.cpp
@@ -5713,24 +5713,19 @@ nsNavigatorSH::NewResolve(nsIXPConnectWr
   nsCOMPtr<nsISupports> native(do_CreateInstance(name_struct->mCID, &rv));
   NS_ENSURE_SUCCESS(rv, rv);
 
   jsval prop_val = JSVAL_VOID; // Property value.
 
   nsCOMPtr<nsIDOMGlobalPropertyInitializer> gpi(do_QueryInterface(native));
 
   if (gpi) {
-    JSObject *global = JS_GetGlobalForObject(cx, obj);
-
-    nsISupports *globalNative = XPConnect()->GetNativeOfWrapper(cx, global);
-    nsCOMPtr<nsIDOMWindow> window = do_QueryInterface(globalNative);
-
-    if (!window) {
-      return NS_ERROR_UNEXPECTED;
-    }
+    nsCOMPtr<nsIDOMNavigator> navigator = do_QueryWrappedNative(wrapper);
+    nsIDOMWindow *window = static_cast<Navigator*>(navigator.get())->GetWindow();
+    NS_ENSURE_TRUE(window, NS_ERROR_UNEXPECTED);
 
     rv = gpi->Init(window, &prop_val);
     NS_ENSURE_SUCCESS(rv, rv);
   }
 
   if (JSVAL_IS_PRIMITIVE(prop_val) && !JSVAL_IS_NULL(prop_val)) {
     nsCOMPtr<nsIXPConnectJSObjectHolder> holder;
     rv = WrapNative(cx, obj, native, true, &prop_val,
--- a/js/xpconnect/tests/chrome/Makefile.in
+++ b/js/xpconnect/tests/chrome/Makefile.in
@@ -42,16 +42,17 @@ MOCHITEST_CHROME_FILES = \
 		test_bug771429.xul \
 		test_bug773962.xul \
 		test_bug792280.xul \
 		test_bug793433.xul \
 		test_bug795275.xul \
 		test_bug799348.xul \
 		test_bug801241.xul \
 		test_bug812415.xul \
+		test_bug853283.xul \
 		test_APIExposer.xul \
 		test_chrometoSource.xul \
 		outoflinexulscript.js \
 		subscript.js \
 		utf8_subscript.js \
 		test_cows.xul \
 		test_documentdomain.xul \
 		test_doublewrappedcompartments.xul \
new file mode 100644
--- /dev/null
+++ b/js/xpconnect/tests/chrome/test_bug853283.xul
@@ -0,0 +1,41 @@
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/css" href="chrome://global/skin"?>
+<?xml-stylesheet type="text/css" href="chrome://mochikit/content/tests/SimpleTest/test.css"?>
+<!--
+https://bugzilla.mozilla.org/show_bug.cgi?id=853283
+-->
+<window title="Mozilla Bug 853283"
+        xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
+  <script type="application/javascript" src="chrome://mochikit/content/tests/SimpleTest/SimpleTest.js"/>
+
+  <!-- test results are displayed in the html:body -->
+  <body xmlns="http://www.w3.org/1999/xhtml">
+  <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=853283"
+     target="_blank">Mozilla Bug 853283</a>
+  </body>
+
+  <!-- test code goes here -->
+  <script type="application/javascript">
+  <![CDATA[
+  /** Test nsNavigatorSH::NewResolve in conjunction with Xrays.**/
+  SimpleTest.waitForExplicitFinish();
+  const Cu = Components.utils;
+
+  function go() {
+    // This chrome document already has Xrays to the content scope, but we use a
+    // a sandbox anyway to make sure that the global in play here isn't an
+    // nsIDOMWindow. Otherwise, the resolve hook might just end up squeaking by
+    // with the chrome window.
+    var iwin = $('ifr').contentWindow;
+    var sb = new Cu.Sandbox(window);
+    sb.iwin = iwin;
+    sb.ok = ok;
+    Cu.evalInSandbox('try {iwin.navigator.mozApps; ok(true, "Didnt throw"); } catch (e) { ok(false, "Threw: " + e);}', sb);
+    SimpleTest.finish();
+  }
+
+
+  ]]>
+  </script>
+  <iframe id="ifr" onload="go();" src="http://example.org/tests/js/xpconnect/tests/mochitest/file_empty.html" />
+</window>