Bug 965898 - All properties from cross-origin objects are "configurable", non-enumerable, and non-writable. r=gabor
authorBobby Holley <bobbyholley@gmail.com>
Wed, 30 Jul 2014 12:23:02 -0700
changeset 196841 f440504714b99855df41e1f4988fec9e2843bf46
parent 196840 9e85835de239e1599b0bfce56d3c9952e5a69db2
child 196842 103615c82485bf1006a32df461206a5dd036a9f5
push id46984
push userbobbyholley@gmail.com
push dateWed, 30 Jul 2014 19:24:00 +0000
treeherdermozilla-inbound@22e1b7b69877 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersgabor
bugs965898
milestone34.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 965898 - All properties from cross-origin objects are "configurable", non-enumerable, and non-writable. r=gabor
js/xpconnect/wrappers/FilteringWrapper.cpp
--- a/js/xpconnect/wrappers/FilteringWrapper.cpp
+++ b/js/xpconnect/wrappers/FilteringWrapper.cpp
@@ -184,16 +184,23 @@ CrossOriginXrayWrapper::getPropertyDescr
                                               JS::Handle<jsid> id,
                                               JS::MutableHandle<JSPropertyDescriptor> desc) const
 {
     if (!SecurityXrayDOM::getPropertyDescriptor(cx, wrapper, id, desc))
         return false;
     if (desc.object()) {
         // All properties on cross-origin DOM objects are |own|.
         desc.object().set(wrapper);
+
+        // All properties on cross-origin DOM objects are non-enumerable and
+        // "configurable". Any value attributes are read-only.
+        desc.attributesRef() &= ~JSPROP_ENUMERATE;
+        desc.attributesRef() &= ~JSPROP_PERMANENT;
+        if (!desc.getter() && !desc.setter())
+            desc.attributesRef() |= JSPROP_READONLY;
     }
     return true;
 }
 
 bool
 CrossOriginXrayWrapper::getOwnPropertyDescriptor(JSContext *cx,
                                                  JS::Handle<JSObject*> wrapper,
                                                  JS::Handle<jsid> id,