Bug 965898 - Don't use a FilteringWrapper to get an unfiltered view in ChromeObjectWrapper. r=gabor
author: Bobby Holley <bobbyholley@gmail.com>
Wed, 30 Jul 2014 12:23:02 -0700
changeset 196845 92d1c61c3cdfd301a1a6d3127ac186c67037d765
parent 196844 4209175a1f0a7cbda7caf41fe41bdc8021d5fedd
child 196846 2a6260b2ae9c9e8209ede753f7fd505fe55fb038
push id: 46984
push user: bobbyholley@gmail.com
push date: Wed, 30 Jul 2014 19:24:00 +0000
reviewers: gabor
bugs: 965898
milestone: 34.0a1
Bug 965898 - Don't use a FilteringWrapper to get an unfiltered view in ChromeObjectWrapper. r=gabor This is necessary because subsequent patches cause us to assert when invoking getPropertyDescriptor on a FilteringWrapper for which |Policy| denies both GET and SET. This stuff is really a mess. I'm looking forward to it going away.
js/xpconnect/wrappers/ChromeObjectWrapper.cpp
--- a/js/xpconnect/wrappers/ChromeObjectWrapper.cpp
+++ b/js/xpconnect/wrappers/ChromeObjectWrapper.cpp
@@ -4,16 +4,17 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "ChromeObjectWrapper.h"
 #include "WrapperFactory.h"
 #include "AccessCheck.h"
 #include "xpcprivate.h"
 #include "jsapi.h"
+#include "jswrapper.h"
 
 using namespace JS;
 
 namespace xpc {
 
 // When creating wrappers for chrome objects in content, we detect if the
 // prototype of the wrapped chrome object is a prototype for a standard class
 // (like Array.prototype). If it is, we use the corresponding standard prototype
@@ -44,29 +45,30 @@ PropIsFromStandardPrototype(JSContext *c
 {
     MOZ_ASSERT(desc.object());
     RootedObject unwrapped(cx, js::UncheckedUnwrap(desc.object()));
     JSAutoCompartment ac(cx, unwrapped);
     return IdentifyStandardPrototype(unwrapped) != JSProto_Null;
 }
 
 // Note that we're past the policy enforcement stage, here, so we can query
-// ChromeObjectWrapperBase and get an unfiltered view of the underlying object.
-// This lets us determine whether the property we would have found (given a
-// transparent wrapper) would have come off a standard prototype.
+// CrossCompartmentSecurityWrapper (our grand-parent wrapper) and get an
+// unfiltered view of the underlying object. This lets us determine whether
+// the property we would have found (given a transparent wrapper) would
+// have come off a standard prototype.
 static bool
 PropIsFromStandardPrototype(JSContext *cx, HandleObject wrapper,
                             HandleId id)
 {
     MOZ_ASSERT(js::Wrapper::wrapperHandler(wrapper) ==
                &ChromeObjectWrapper::singleton);
     Rooted<JSPropertyDescriptor> desc(cx);
     const ChromeObjectWrapper *handler = &ChromeObjectWrapper::singleton;
-    if (!handler->ChromeObjectWrapperBase::getPropertyDescriptor(cx, wrapper, id,
-                                                                 &desc) ||
+    if (!handler->js::CrossCompartmentSecurityWrapper::getPropertyDescriptor(cx, wrapper, id,
+                                                                             &desc) ||
         !desc.object())
     {
         return false;
     }
     return PropIsFromStandardPrototype(cx, &desc);
 }
 
 bool
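Review bot: The new call site deliberately skips the FilteringWrapper layer (ChromeObjectWrapperBase) and queries js::CrossCompartmentSecurityWrapper directly, so nothing in this function applies |Policy| any more; the only thing keeping that safe is the MOZ_ASSERT that the handler is ChromeObjectWrapper::singleton plus the caller's promise, stated in the comment, that policy enforcement has already happened. Make that contract explicit in the comment above PropIsFromStandardPrototype (e.g. "Callers must only invoke this after Policy::check has succeeded for |id|"), since the descriptor obtained here is handed to the overload above, which calls js::UncheckedUnwrap on desc.object() and would expose the unfiltered chrome object if the function were ever reached before the check. Two nits: "grand-parent" should be "grandparent", and the rewrapped call `if (!handler->js::CrossCompartmentSecurityWrapper::getPropertyDescriptor(cx, wrapper, id,` runs well past 80 columns; breaking after the opening parenthesis keeps it within the file's existing line width.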