author | Boris Zbarsky <bzbarsky@mit.edu> |
Wed, 28 Mar 2018 22:46:22 -0400 | |
changeset 410735 | 35da0017040ef09e5d5534857109f163e17068d7 |
parent 410734 | e974a8ab639efe84bbf97de0379e9e41b34deac7 |
child 410736 | 825bb50e3922642a4a5b92a67bd6a6fe4e3bea7e |
push id | 33736 |
push user | shindli@mozilla.com |
push date | Fri, 30 Mar 2018 09:56:41 +0000 |
treeherder | mozilla-central@b7fa9d95150e [default view] [failures only] |
perfherder | [talos] [build metrics] [platform microbench] (compared to previous push) |
reviewers | kmag |
bugs | 1389581 |
milestone | 61.0a1 |
first release with | nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
|
last release without | nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
|
--- a/js/xpconnect/src/XPCComponents.cpp +++ b/js/xpconnect/src/XPCComponents.cpp @@ -158,19 +158,17 @@ nsXPCComponents_Interfaces::GetClassID(n { *aClassID = nullptr; return NS_OK; } NS_IMETHODIMP nsXPCComponents_Interfaces::GetFlags(uint32_t* aFlags) { - // Mark ourselves as a DOM object so that instances may be created in - // unprivileged scopes. - *aFlags = nsIClassInfo::DOM_OBJECT; + *aFlags = 0; return NS_OK; } NS_IMETHODIMP nsXPCComponents_Interfaces::GetClassIDNoAlloc(nsCID* aClassIDNoAlloc) { return NS_ERROR_NOT_AVAILABLE; } @@ -358,19 +356,17 @@ nsXPCComponents_InterfacesByID::GetClass { *aClassID = nullptr; return NS_OK; } NS_IMETHODIMP nsXPCComponents_InterfacesByID::GetFlags(uint32_t* aFlags) { - // Mark ourselves as a DOM object so that instances may be created in - // unprivileged scopes. - *aFlags = nsIClassInfo::DOM_OBJECT; + *aFlags = 0; return NS_OK; } NS_IMETHODIMP nsXPCComponents_InterfacesByID::GetClassIDNoAlloc(nsCID* aClassIDNoAlloc) { return NS_ERROR_NOT_AVAILABLE; } @@ -952,19 +948,17 @@ nsXPCComponents_Results::GetClassID(nsCI { *aClassID = nullptr; return NS_OK; } NS_IMETHODIMP nsXPCComponents_Results::GetFlags(uint32_t* aFlags) { - // Mark ourselves as a DOM object so that instances may be created in - // unprivileged scopes. - *aFlags = nsIClassInfo::DOM_OBJECT; + *aFlags = 0; return NS_OK; } NS_IMETHODIMP nsXPCComponents_Results::GetClassIDNoAlloc(nsCID* aClassIDNoAlloc) { return NS_ERROR_NOT_AVAILABLE; } @@ -3260,20 +3254,20 @@ NS_IMPL_QUERY_INTERFACE(ComponentsSH, ns #define NSXPCCOMPONENTSBASE_CID \ { 0xc62998e5, 0x95f1, 0x4058, \ { 0xa5, 0x09, 0xec, 0x21, 0x66, 0x18, 0x92, 0xb9 } } #define NSXPCCOMPONENTS_CID \ { 0x3649f405, 0xf0ec, 0x4c28, \ { 0xae, 0xb0, 0xaf, 0x9a, 0x51, 0xe4, 0x4c, 0x81 } } -NS_IMPL_CLASSINFO(nsXPCComponentsBase, &ComponentsSH::Get, nsIClassInfo::DOM_OBJECT, NSXPCCOMPONENTSBASE_CID) +NS_IMPL_CLASSINFO(nsXPCComponentsBase, &ComponentsSH::Get, 0, NSXPCCOMPONENTSBASE_CID) NS_IMPL_ISUPPORTS_CI(nsXPCComponentsBase, nsIXPCComponentsBase) -NS_IMPL_CLASSINFO(nsXPCComponents, &ComponentsSH::Get, nsIClassInfo::DOM_OBJECT, NSXPCCOMPONENTS_CID) +NS_IMPL_CLASSINFO(nsXPCComponents, &ComponentsSH::Get, 0, NSXPCCOMPONENTS_CID) // Below is more or less what NS_IMPL_ISUPPORTS_CI_INHERITED1 would look like // if it existed. NS_IMPL_ADDREF_INHERITED(nsXPCComponents, nsXPCComponentsBase) NS_IMPL_RELEASE_INHERITED(nsXPCComponents, nsXPCComponentsBase) NS_INTERFACE_MAP_BEGIN(nsXPCComponents) NS_INTERFACE_MAP_ENTRY(nsIXPCComponents) NS_IMPL_QUERY_CLASSINFO(nsXPCComponents) NS_INTERFACE_MAP_END_INHERITING(nsXPCComponentsBase)
--- a/js/xpconnect/tests/unit/test_allowedDomains.js +++ b/js/xpconnect/tests/unit/test_allowedDomains.js @@ -33,14 +33,9 @@ function run_test() { } catch (e) { Assert.ok(e.message && e.message.includes("Permission denied to access property")); } } evalAndCatch("objC.prop1", sbMaster); evalAndCatch("objMaster.prop1", sbA); evalAndCatch("objMaster.prop1", sbSubset); - - // Bug 777705: - sbMaster.Components = Cu.getComponentsForScope(sbMaster); - Cu.evalInSandbox("Components.interfaces", sbMaster); - Assert.ok(true); }
--- a/js/xpconnect/tests/unit/test_components.js +++ b/js/xpconnect/tests/unit/test_components.js @@ -1,52 +1,24 @@ function run_test() { var sb1 = Cu.Sandbox("http://www.blah.com"); - var sb2 = Cu.Sandbox("http://www.blah.com"); - var sb3 = Cu.Sandbox(this); - var sb4 = Cu.Sandbox("http://www.other.com"); + var sb2 = Cu.Sandbox(this); var rv; - // Components is normally hidden from content on the XBL scope chain, but we - // expose it to content here to make sure that the security wrappers work - // regardless. - [sb1, sb2, sb4].forEach(function(x) { x.Components = Cu.getComponentsForScope(x); }); - // non-chrome accessing chrome Components sb1.C = Components; + checkThrows("C.interfaces", sb1); checkThrows("C.utils", sb1); checkThrows("C.classes", sb1); - // non-chrome accessing own Components - Assert.equal(Cu.evalInSandbox("typeof Components.interfaces", sb1), 'object'); - Assert.equal(Cu.evalInSandbox("typeof Components.utils", sb1), 'undefined'); - Assert.equal(Cu.evalInSandbox("typeof Components.classes", sb1), 'undefined'); - - // Make sure an unprivileged Components is benign. - var C2 = Cu.evalInSandbox("Components", sb2); - var whitelist = ['interfaces', 'interfacesByID', 'results', 'isSuccessCode', 'QueryInterface']; - for (var prop in Components) { - info("Checking " + prop); - Assert.equal((prop in C2), whitelist.includes(prop)); - } - - // non-chrome same origin - sb1.C2 = C2; - Assert.equal(Cu.evalInSandbox("typeof C2.interfaces", sb1), 'object'); - Assert.equal(Cu.evalInSandbox("typeof C2.utils", sb1), 'undefined'); - Assert.equal(Cu.evalInSandbox("typeof C2.classes", sb1), 'undefined'); + // non-chrome accessing own Components: shouldn't exist. + Assert.equal(Cu.evalInSandbox("typeof Components", sb1), 'undefined'); // chrome accessing chrome - sb3.C = Components; - rv = Cu.evalInSandbox("C.utils", sb3); + sb2.C = Components; + rv = Cu.evalInSandbox("C.utils", sb2); Assert.equal(rv, Cu); - - // non-chrome cross origin - sb4.C2 = C2; - checkThrows("C2.interfaces", sb4); - checkThrows("C2.utils", sb4); - checkThrows("C2.classes", sb4); } function checkThrows(expression, sb) { var result = Cu.evalInSandbox('(function() { try { ' + expression + '; return "allowed"; } catch (e) { return e.toString(); }})();', sb); Assert.ok(!!/denied/.exec(result)); }
--- a/layout/forms/test/test_bug348236.html +++ b/layout/forms/test/test_bug348236.html @@ -33,17 +33,16 @@ https://bugzilla.mozilla.org/show_bug.cg <script type="text/javascript"> /** Test for Bug 348236 **/ SimpleTest.waitForExplicitFinish() addLoadEvent(function test() { var - CI = SpecialPowers.Components.interfaces, WinUtils = SpecialPowers.getDOMWindowUtils(window), sec = netscape.security, eSelect = $("eSelect"), timeout = 0 // Choose a larger value like 500 ms if you want to see what's happening. function keypressOnSelect(key) { eSelect.focus(); synthesizeKey(key.key, {altKey: key.altKey});