Bug 844783 - Disable XBL scopes for XUL-whitelisted domains. r=bz
authorBobby Holley <bobbyholley@gmail.com>
Thu, 21 Mar 2013 09:33:34 -0700
changeset 125824 c5ad6568024ddf6f05564db733f43037f16486df
parent 125823 dc052939828763df406f53df40edf877238d468f
child 125825 fddb99719062766fc910716465e3b957d5e9a63b
push id25109
push userryanvm@gmail.com
push dateThu, 21 Mar 2013 19:52:05 +0000
treeherdermozilla-inbound@a83cbe4e0576 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbz
bugs844783
milestone22.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 844783 - Disable XBL scopes for XUL-whitelisted domains. r=bz
build/automation.py.in
js/xpconnect/src/XPCWrappedNativeScope.cpp
layout/tools/reftest/reftest-cmdline.js
--- a/build/automation.py.in
+++ b/build/automation.py.in
@@ -543,16 +543,24 @@ user_pref("extensions.getAddons.search.u
 user_pref("plugins.update.url", "http://%(server)s/plugins-dummy/updateCheckURL");
 
 // Existing tests don't wait for the notification button security delay
 user_pref("security.notification_enable_delay", 0);
 
 // Make enablePrivilege continue to work for test code. :-(
 user_pref("security.turn_off_all_security_so_that_viruses_can_take_over_this_computer", true);
 
+// In the default configuration, we bypass XBL scopes (a security feature) for
+// domains whitelisted for remote XUL, so that intranet apps and such continue
+// to work without major rewrites. However, we also use the whitelist mechanism
+// to run our XBL tests in automation, in which case we really want to be testing
+// the configuration that we ship to users without special whitelisting. So we
+// use an additional pref here to allow automation to use the "normal" behavior.
+user_pref("dom.use_xbl_scopes_for_remote_xul", true);
+
 // Get network events.
 user_pref("network.activity.blipIntervalMilliseconds", 250);
 
 // Don't allow the Data Reporting service to prompt for policy acceptance.
 user_pref("datareporting.policy.dataSubmissionPolicyBypassAcceptance", true);
 
 // Point Firefox Health Report at a local server. We don't care if it actually
 // works. It just can't hit the default production endpoint.
--- a/js/xpconnect/src/XPCWrappedNativeScope.cpp
+++ b/js/xpconnect/src/XPCWrappedNativeScope.cpp
@@ -5,16 +5,17 @@
 
 /* Class used to manage the wrapped native objects within a JS scope. */
 
 #include "xpcprivate.h"
 #include "XPCWrapper.h"
 #include "jsproxy.h"
 #include "nsContentUtils.h"
 #include "nsPrincipal.h"
+#include "mozilla/Preferences.h"
 
 #include "mozilla/dom/BindingUtils.h"
 
 using namespace mozilla;
 using namespace xpc;
 
 /***************************************************************************/
 
@@ -124,27 +125,32 @@ XPCWrappedNativeScope::XPCWrappedNativeS
     DEBUG_TrackNewScope(this);
     MOZ_COUNT_CTOR(XPCWrappedNativeScope);
 
     // Attach ourselves to the compartment private.
     CompartmentPrivate *priv = EnsureCompartmentPrivate(aGlobal);
     priv->scope = this;
 
     // Determine whether to use an XBL scope or not.
+    nsIPrincipal *principal = GetPrincipal();
     mUseXBLScope = XPCJSRuntime::Get()->XBLScopesEnabled();
     if (mUseXBLScope) {
       js::Class *clasp = js::GetObjectClass(mGlobalJSObject);
       mUseXBLScope = !strcmp(clasp->name, "Window") ||
                      !strcmp(clasp->name, "ChromeWindow") ||
                      !strcmp(clasp->name, "ModalContentWindow");
     }
     if (mUseXBLScope) {
-      nsIPrincipal *principal = GetPrincipal();
       mUseXBLScope = principal && !nsContentUtils::IsSystemPrincipal(principal);
     }
+    if (mUseXBLScope) {
+      mUseXBLScope = !nsContentUtils::AllowXULXBLForPrincipal(principal) ||
+                      Preferences::GetBool("dom.use_xbl_scopes_for_remote_xul",
+                                           false);
+    }
 }
 
 // static
 JSBool
 XPCWrappedNativeScope::IsDyingScope(XPCWrappedNativeScope *scope)
 {
     for (XPCWrappedNativeScope *cur = gDyingScopes; cur; cur = cur->mNext) {
         if (scope == cur)
--- a/layout/tools/reftest/reftest-cmdline.js
+++ b/layout/tools/reftest/reftest-cmdline.js
@@ -71,16 +71,17 @@ RefTestCmdLineHandler.prototype =
      * setDefaultPrefs().  These are duplicated there so we can have a 
      * restartless addon for reftest on native Android.
      *
      * FIXME: These should be in only one place. 
      */
     var prefs = Components.classes["@mozilla.org/preferences-service;1"].
                 getService(Components.interfaces.nsIPrefService);
     var branch = prefs.getDefaultBranch("");
+    branch.setBoolPref("dom.use_xbl_scopes_for_remote_xul", true);
     branch.setBoolPref("gfx.color_management.force_srgb", true);
     branch.setBoolPref("browser.dom.window.dump.enabled", true);
     branch.setIntPref("ui.caretBlinkTime", -1);
     branch.setBoolPref("dom.send_after_paint_to_content", true);
     // no slow script dialogs
     branch.setIntPref("dom.max_script_run_time", 0);
     branch.setIntPref("dom.max_chrome_script_run_time", 0);
     branch.setIntPref("hangmonitor.timeout", 0);