Bug 1363208 part 8. Stop using cross-origin Xrays for Location. r=peterv
authorBoris Zbarsky <bzbarsky@mit.edu>
Mon, 21 Jan 2019 03:33:32 +0000
changeset 454671 d4d779afb736002a8621b86a24d52783f0f49e87
parent 454670 140c8b32490c724df4677e93ef98f31c420c7dfe
child 454672 dbab9ee37db197462dd3dee9d947d44e9d644428
push id111317
push userrmaries@mozilla.com
push dateMon, 21 Jan 2019 18:01:55 +0000
treeherdermozilla-inbound@19db0edfbc10 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerspeterv
bugs1363208
milestone66.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1363208 part 8. Stop using cross-origin Xrays for Location. r=peterv The test change is because it was testing Window, not Location. Differential Revision: https://phabricator.services.mozilla.com/D15432
js/xpconnect/wrappers/WrapperFactory.cpp
js/xpconnect/wrappers/WrapperFactory.h
testing/web-platform/tests/html/browsers/origin/cross-origin-objects/cross-origin-objects.html
--- a/js/xpconnect/wrappers/WrapperFactory.cpp
+++ b/js/xpconnect/wrappers/WrapperFactory.cpp
@@ -391,23 +391,17 @@ static const Wrapper* SelectWrapper(bool
       return &PermissiveXrayJS::singleton;
     }
     MOZ_ASSERT(xrayType == XrayForOpaqueObject);
     return &PermissiveXrayOpaque::singleton;
   }
 
   // This is a security wrapper. Use the security versions and filter.
   if (xrayType == XrayForDOMObject &&
-      IdentifyCrossOriginObject(obj) == CrossOriginLocation) {
-    return &FilteringWrapper<CrossOriginXrayWrapper,
-                             CrossOriginAccessiblePropertiesOnly>::singleton;
-  }
-
-  if (xrayType == XrayForDOMObject &&
-      IdentifyCrossOriginObject(obj) == CrossOriginWindow) {
+      IdentifyCrossOriginObject(obj) != CrossOriginOpaque) {
     return &CrossOriginObjectWrapper::singleton;
   }
 
   // There's never any reason to expose other objects to non-subsuming actors.
   // Just use an opaque wrapper in these cases.
   //
   // In general, we don't want opaque function wrappers to be callable.
   // But in the case of XBL, we rely on content being able to invoke
--- a/js/xpconnect/wrappers/WrapperFactory.h
+++ b/js/xpconnect/wrappers/WrapperFactory.h
@@ -55,18 +55,17 @@ class WrapperFactory {
     return !!(flags & flag);
   }
 
   static bool IsXrayWrapper(JSObject* wrapper) {
     return HasWrapperFlag(wrapper, IS_XRAY_WRAPPER_FLAG);
   }
 
   static bool IsCrossOriginWrapper(JSObject* obj) {
-    return IsXrayWrapper(obj) ||
-           (js::IsProxy(obj) &&
+    return (js::IsProxy(obj) &&
             js::GetProxyHandler(obj) == &CrossOriginObjectWrapper::singleton);
   }
 
   static bool HasWaiveXrayFlag(JSObject* wrapper) {
     return HasWrapperFlag(wrapper, WAIVE_XRAY_WRAPPER_FLAG);
   }
 
   static bool IsCOW(JSObject* wrapper);
--- a/testing/web-platform/tests/html/browsers/origin/cross-origin-objects/cross-origin-objects.html
+++ b/testing/web-platform/tests/html/browsers/origin/cross-origin-objects/cross-origin-objects.html
@@ -101,26 +101,32 @@ addTest(function() {
     if (prop != 'location')
       assert_throws("SecurityError", function() { C[prop] = undefined; }, "Should throw when writing to " + prop + " on Window");
   }
   for (var prop in location) {
     if (prop == 'replace') {
       C.location[prop]; // Shouldn't throw.
       Object.getOwnPropertyDescriptor(C.location, prop); // Shouldn't throw.
       assert_true(Object.prototype.hasOwnProperty.call(C.location, prop), "hasOwnProperty for " + prop);
+      assert_throws("SecurityError", function() { C.location[prop] = undefined; }, "Should throw when writing to " + prop + " on Location");
+    }
+    else if (prop == 'href') {
+      Object.getOwnPropertyDescriptor(C.location, prop); // Shouldn't throw.
+      assert_true(Object.prototype.hasOwnProperty.call(C.location, prop), "hasOwnProperty for " + prop);
+      assert_throws("SecurityError", function() { C.location[prop] },
+                    "Should throw reading href on Location");
     }
     else {
-      assert_throws("SecurityError", function() { C[prop]; }, "Should throw when accessing " + prop + " on Location");
-      assert_throws("SecurityError", function() { Object.getOwnPropertyDescriptor(C, prop); },
+      assert_throws("SecurityError", function() { C.location[prop]; }, "Should throw when accessing " + prop + " on Location");
+      assert_throws("SecurityError", function() { Object.getOwnPropertyDescriptor(C.location, prop); },
                     "Should throw when accessing property descriptor for " + prop + " on Location");
-      assert_throws("SecurityError", function() { Object.prototype.hasOwnProperty.call(C, prop); },
+      assert_throws("SecurityError", function() { Object.prototype.hasOwnProperty.call(C.location, prop); },
                     "Should throw when invoking hasOwnProperty for " + prop + " on Location");
+      assert_throws("SecurityError", function() { C.location[prop] = undefined; }, "Should throw when writing to " + prop + " on Location");
     }
-    if (prop != 'href')
-      assert_throws("SecurityError", function() { C[prop] = undefined; }, "Should throw when writing to " + prop + " on Location");
   }
 }, "Only whitelisted properties are accessible cross-origin");
 
 /*
  * ES Internal Methods.
  */
 
 /*